Linux Kernel Performance Counters Race Condition Privilege Escalation Vulnerability
Published: 2020-11-22T00:00:00
ID: ZDI-20-1372
Type: zdi
Reporter: Ryota Shiga (@Ga_ryo_) of Flatt Security
Modified: 2020-11-26T00:00:00
Description
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of performance counters. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVE: CVE-2020-14351
Advisory: https://www.zerodayinitiative.com/advisories/ZDI-20-1372/
Reference: https://access.redhat.com/security/cve/CVE-2020-14351
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25285/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203122-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a311d51b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3122=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3122=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.34.1.9.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", 
reference:\"kernel-preempt-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.34.1.9.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-20T13:22:25", "description": "The remote Oracle Linux 8 host has packages installed that are 
affected by multiple vulnerabilities as referenced in the\nELSA-2021-0558 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. 
(CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-18T00:00:00", "title": "Oracle Linux 8 : kernel (ELSA-2021-0558)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14351", "CVE-2020-29661"], "modified": "2021-02-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf", "p-cpe:/a:oracle:linux:bpftool", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel"], "id": "ORACLELINUX_ELSA-2021-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/146568", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0558.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146568);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-0558)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0558 advisory.\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.\n (CVE-2020-29661)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. 
(CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0558.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-0558');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + 
expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-4.18.0'},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_prefix':'kernel-abi-whitelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 
'release':'8', 'rpm_prefix':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8'},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8'},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) 
rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-20T14:09:43", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0558 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "title": "RHEL 8 : kernel (RHSA-2021:0558)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2020-25705", "CVE-2020-14351", "CVE-2020-29661"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "cpe:/a:redhat:enterprise_linux:8::crb", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "cpe:/o:redhat:enterprise_linux:8::baseos", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::realtime", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "cpe:/a:redhat:enterprise_linux:8::nfv", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::supplementary"], "id": "REDHAT-RHSA-2021-0558.NASL", "href": "https://www.tenable.com/plugins/nessus/146535", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0558. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146535);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-14351\", \"CVE-2020-25705\", \"CVE-2020-29661\");\n script_xref(name:\"RHSA\", value:\"2021:0558\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0558)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0558 advisory.\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::highavailability\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:redhat:enterprise_linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::realtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::resilientstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::supplementary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 
'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 
'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0558');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = 
make_list('CVE-2020-14351', 'CVE-2020-25705', 'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0558');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'bpftool-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n 
{'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-abi-whitelists-4.18.0-240.15.1.el8_3', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-cross-headers-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n 
{'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 
'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 
'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 
'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 
'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-tools-libs-devel-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-core-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-devel-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-modules-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 
'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'s390x', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-perf-4.18.0-240.15.1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if 
(contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-07T06:00:14", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0686 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-03T00:00:00", "title": "RHEL 8 : kernel (RHSA-2021:0686)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14351", "CVE-2020-29661", "CVE-2020-0444"], "modified": "2021-03-03T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "cpe:/a:redhat:rhel_eus:8.1::appstream", "cpe:/a:redhat:rhel_eus:8.1::sap_hana", 
"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "cpe:/o:redhat:rhel_e4s:8.1::baseos", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "cpe:/a:redhat:rhel_e4s:8.1::sap_hana", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "cpe:/a:redhat:rhel_e4s:8.1::highavailability", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "cpe:/a:redhat:rhel_eus:8.1::sap", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "cpe:/a:redhat:rhel_eus:8.1::supplementary", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:rhel_e4s:8.1", "cpe:/a:redhat:rhel_e4s:8.1::sap", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "cpe:/a:redhat:rhel_eus:8.1::crb", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "cpe:/o:redhat:rhel_eus:8.1::baseos", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "cpe:/a:redhat:rhel_eus:8.1::resilientstorage", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "cpe:/a:redhat:rhel_eus:8.1::highavailability", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core"], "id": "REDHAT-RHSA-2021-0686.NASL", "href": "https://www.tenable.com/plugins/nessus/147011", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0686. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147011);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-0444\",\n \"CVE-2020-14351\",\n \"CVE-2020-25705\",\n \"CVE-2020-29661\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0686\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2021:0686)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0686 advisory.\n\n - kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n - kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n - kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\n - kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/99.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/244.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/667.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0444\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-14351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1862849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1906525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1920474\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29661\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(99, 244, 330, 416, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1::baseos\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::resilientstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::supplementary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_e4s_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 
'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_1',\n 
'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_1',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 
'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 
'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_1'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0686');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-0444', 'CVE-2020-14351', 'CVE-2020-25705', 
'CVE-2020-29661');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:0686');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 
'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n 
{'reference':'kernel-debug-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 
'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-debug-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 
'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 
'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 
'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-zfcpdump-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-zfcpdump-core-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-zfcpdump-devel-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n 
{'reference':'kernel-zfcpdump-modules-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-147.43.1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_e4s_8_1_baseos', 'rhel_e4s_8_1_highavailability', 'rhel_e4s_8_1_sap', 'rhel_e4s_8_1_sap_hana', 'rhel_eus_8_1_appstream', 'rhel_eus_8_1_baseos', 'rhel_eus_8_1_crb', 'rhel_eus_8_1_highavailability', 'rhel_eus_8_1_resilientstorage', 'rhel_eus_8_1_sap', 'rhel_eus_8_1_sap_hana', 'rhel_eus_8_1_supplementary']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) 
{\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-core / kernel-debug / kernel-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-10T09:09:01", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over a network if the\n attacker has access to one iSCSI LUN. 
The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges required. User interaction is not required\n for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 6.7, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-05T00:00:00", "title": "EulerOS : kernel (EulerOS-SA-2021-1265)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-0342", "CVE-2020-36158", "CVE-2020-14351", "CVE-2020-28374", "CVE-2021-3178"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:python3-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:"], "id": "EULEROS_SA-2021-1265.NASL", "href": "https://www.tenable.com/plugins/nessus/146261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146261);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-28374\",\n \"CVE-2020-36158\",\n \"CVE-2021-0342\",\n \"CVE-2021-3178\"\n );\n\n script_name(english:\"EulerOS : kernel (EulerOS-SA-2021-1265)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In drivers/target/target_core_xcopy.c in the Linux\n kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory\n traversal in an XCOPY request, aka CID-2896c93811e3.\n For example, an attack can occur over 
a network if the\n attacker has access to one iSCSI LUN. The attacker\n gains control over file access because I/O operations\n are proxied via an attacker-selected\n backstore.(CVE-2020-28374)\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - In tun_get_user of tun.c, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges required. User interaction is not required\n for exploitation. (CVE-2021-0342)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability. (CVE-2020-14351)\n\n - fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,\n when there is an NFS export of a subdirectory of a\n filesystem, allows remote attackers to traverse to\n other parts of the filesystem via READDIRPLUS. NOTE:\n some parties argue that such a subdirectory export is\n not intended to prevent this attack see also the\n exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1265\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?113ac543\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release (\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS \");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.2.h340.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.2.h340.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:00:11", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are 
affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9006 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. 
The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14381", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9006.NASL", "href": "https://www.tenable.com/plugins/nessus/144907", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9006.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144907);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 
7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9006 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. 
The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9006.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-14351', 'CVE-2020-14381', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9006');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 
'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.102.0.2.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.102.0.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'python-perf-5.4.17-2036.102.0.2.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n 
{'reference':'kernel-uek-devel-5.4.17-2036.102.0.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.102.0.2.el8uek', 'release':'8', 'rpm_prefix':'kernel-uek-doc-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / 
kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:00:11", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9007 advisory.\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. 
(CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. 
(CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25705", "CVE-2020-14381", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9007.NASL", "href": "https://www.tenable.com/plugins/nessus/144906", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9007.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144906);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2020-14351\",\n \"CVE-2020-14381\",\n \"CVE-2020-25705\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9007 advisory.\n\n - A flaw was found in the Linux kernel. 
A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows\n to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source\n port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly\n integrity, because software that relies on UDP source port randomization are indirectly affected as well.\n Kernel versions before 5.10 may be vulnerable to this issue. (CVE-2020-25705)\n\n - A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt\n system memory or escalate their privileges when creating a futex on a filesystem that is about to be\n unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system\n availability. (CVE-2020-14381)\n\n - An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are\n processing watch events using a single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable. (CVE-2020-29568)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. 
As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-14351', 'CVE-2020-14381', 'CVE-2020-25705', 'CVE-2020-28374', 'CVE-2020-29568', 'CVE-2020-29569');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9007');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.102.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.102.0.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.102.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.102.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-container-debug-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n 
rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-12T14:48:45", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl 
(bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-25705: A ICMP global rate limiting side-channel was removed\nwhich could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 7.4, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16120", "CVE-2020-25705", "CVE-2020-25285", "CVE-2020-0430", "CVE-2020-25656", "CVE-2020-14351", "CVE-2020-8694"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default"], "id": "SUSE_SU-2020-3326-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3326-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143858);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-0430\", \"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25285\", \"CVE-2020-25656\", \"CVE-2020-25705\", \"CVE-2020-8694\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3326-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2020-0430: Fixed an OOB read in skb_headlen of\n/include/linux/skbuff.h (bnc#1176723).\n\nCVE-2020-14351: Fixed a race in the perf_mmap_close() function\n(bsc#1177086).\n\nCVE-2020-16120: Fixed a permissions issue in ovl_path_open()\n(bsc#1177470).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nCVE-2020-25705: A ICMP global rate limiting side-channel was removed\nwhich could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171558\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178187\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0430/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14351/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-16120/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25705/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8694/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203326-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4478bf3e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t 
patch SUSE-SLE-SERVER-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-3326=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2020-3326=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25705\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.51.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.51.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-17T12:33:04", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25668: Fixed concurrency use-after-free in\n con_font_op (bnc#1178123).\n\n - CVE-2020-25656: Fixed race condition in kbd code\n (bnc#1177766).\n\n - CVE-2020-25285: A race condition between hugetlb sysctl\n handlers in mm/hugetlb.c kernel could be used by local\n attackers to corrupt memory, cause a NULL pointer\n 
dereference, or possibly have unspecified other impact,\n aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-0430: In skb_headlen of\n /include/linux/skbuff.h, there is a possible out of\n bounds read due to memory corruption. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation (bnc#1176723).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-16120: Fixed verify permissions in\n ovl_path_open() (bsc#1177470).\n\n - CVE-2020-8694: Restrict energy meter to root access to\n avoid side channel attack (bsc#1170415).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: 
hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet\n usage (git-fixes).\n\n - ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - Add cherry-picked ids for already backported DRM radeon\n patches\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1112178).\n\n - Fix use after free in get_capset_info callback\n (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515\n (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - USB: adutux: fix debugging 
(git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - XEN uses irqdesc::irq_data_common::handler_data to store\n a per interrupt XEN data pointer which contains XEN\n specific information (XSA-332 bsc#1065600).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - bnxt: do not enable NAPI until rings are ready\n (networking-stable-20_09_11).\n\n - bnxt_en: Check for zero dir entries in NVRAM\n (networking-stable-20_09_11).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix 
memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: check the right error variable in\n btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during\n page release (bsc#1177687).\n\n - btrfs: fix incorrect updating of log root tree\n (bsc#1177687).\n\n - btrfs: fix race between page release and a fast fsync\n (bsc#1177687).\n\n - btrfs: only commit delayed items at fsync if we are\n logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full\n fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging\n checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release\n (bsc#1177687).\n\n - btrfs: remove no longer needed use of log_writers for\n the log root tree (bsc#1177687).\n\n - btrfs: remove root usage from can_overcommit\n (bsc#1131277).\n\n - btrfs: stop incremening log_batch for the log root tree\n when syncing log (bsc#1177687).\n\n - btrfs: take overcommit into account in\n inc_block_group_ro (bsc#1176560).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL\n mc_io (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: peak_canfd: 
pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: fix memory leak in ceph_cleanup_snapid_map()\n (bsc#1178234).\n\n - ceph: map snapid to anonymous bdev ID (bsc#1178234).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178187).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: ti: clockdomain: fix static checker warning\n (git-fixes).\n\n - coredump: fix crash when umh is disabled (bsc#1177753).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error\n (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey\n (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: ixp4xx - Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in\n mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with\n export/import (git-fixes).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc\n (git-fixes).\n\n - device property: Do not clear secondary pointer for\n shared primary firmware node (git-fixes).\n\n - device property: Keep secondary firmware node secondary\n by type (git-fixes).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - drm/amd/display: Do not invoke kgdb_breakpoint()\n 
unconditionally (git-fixes).\n\n - drm/amd/display: HDMI remote sink need mode validation\n for Linux (git-fixes).\n\n - drm/amdgpu: do not map BO in reserved region\n (git-fixes).\n\n - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n\n - drm/bridge/synopsys: dsi: add support for non-continuous\n HS clock (git-fixes).\n\n - drm/brige/megachips: Add checking if\n ge_b850v3_lvds_init() is working correctly (git-fixes).\n\n - drm/gma500: fix error check (git-fixes).\n\n - drm/i915: Force VT'd workarounds when running as a guest\n OS (git-fixes).\n\n - drm/imx: tve remove extraneous type qualifier\n (git-fixes).\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds()\n (git-fixes).\n\n - drm/nouveau/mem: guard against NULL pointer access in\n mem_del (git-fixes).\n\n - drm/ttm: fix eviction valuable range check (git-fixes).\n\n - eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - efivarfs: Replace invalid slashes with exclamation marks\n in dentries (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak\n issues (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - 
iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Remove semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - include/linux/swapops.h: correct guards for\n non_swap_entry() (git-fixes (mm/swap)).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178188).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for\n pinctrl_lookup_state()' (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: 
m5mols: Check function pointer in\n m5mols_sensor_power (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe\n (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak\n (git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count\n leak (git-fixes).\n\n - media: tuner-simple: fix regression in\n simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mlx5 PPC ringsize workaround (bsc#1173432).\n\n - mlx5: remove support for ib_get_vector_affinity\n (bsc#1174748).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n 
(git-fixes (mm/numa)).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - mm/ksm.c: do not WARN if page is still mapped in\n remove_stable_node() (git-fixes (mm/hugetlb)).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/mempolicy.c: use match_string() helper to simplify\n the code (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: use div64_ul() for\n u64-by-unsigned-long divide (git-fixes (mm/writeback)).\n\n - mm/page_owner.c: remove drain_all_pages from\n init_early_allocated_pages (git-fixes (mm/debug)).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix race condition in zs_destroy_pool\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY\n indefinitely (git-fixes (mm/zsmalloc)).\n\n - mm: hugetlb: switch to css_tryget() in\n hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).\n\n - mmc: sdhci-of-esdhc: set timeout to max before tuning\n (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: 
remove function pointer check (git-fixes).\n\n - net/mlx5e: Take common TIR context settings into a\n function (bsc#1177740).\n\n - net/mlx5e: Turn on HW tunnel offload in all TIRs\n (bsc#1177740).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: disable netpoll on fresh napis\n (networking-stable-20_09_11).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - power: supply: test_power: add missing newlines 
when\n printing parameters by sysfs (git-fixes).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/perf/hv-gpci: Fix starting index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - pty: do tty_flip_buffer_push without port->lock in\n pty_write (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator\n (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - sctp: not disable bh in the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - spi: fsl-espi: Only process interrupts for expected\n events (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: 
octeon: repair 'fixed-link' support\n (git-fixes).\n\n -\n target-rbd-fix-unmap-discard-block-size-conversion.patch\n : (bsc#1177271).\n\n -\n target-use-scsi_set_sense_information-helper-on-misc.pat\n ch: (bsc#1177719).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails\n (networking-stable-20_09_11).\n\n - tipc: fix memory leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: earlycon dependency (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - 
usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - vfs: fix FIGETBSZ ioctl on an overlayfs file\n (bsc#1178202).\n\n - video: fbdev: pvr2fb: initialize variables (git-fixes).\n\n - video: fbdev: sis: fix null ptr dereference (git-fixes).\n\n - video: fbdev: vga16fb: fix setting of pixclock because a\n pass-by-value error (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).\n\n - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional\n (bsc#1177101).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - x86, fakenuma: Fix invalid starting node ID (git-fixes\n (mm/x86/fakenuma)).\n\n - x86/apic: Unify duplicated local apic timer clockevent\n initialization (bsc#1112178).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1112178).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in\n %sp on GCC 10 compiled kernels (bsc#1058115\n bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time 
(XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs\n (XSA-332 bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n (XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: avoid infinite loop when cancelling CoW blocks\n after writeback failure (bsc#1178027).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).", "edition": 4, "cvss3": {"score": 8.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-11-17T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16120", "CVE-2020-25285", "CVE-2020-0430", "CVE-2020-25656", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-8694"], "modified": "2020-11-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2020-1901.NASL", "href": "https://www.tenable.com/plugins/nessus/142921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1901.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142921);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2020-0430\", \"CVE-2020-14351\", \"CVE-2020-16120\", \"CVE-2020-25285\", 
\"CVE-2020-25656\", \"CVE-2020-25668\", \"CVE-2020-8694\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2020-1901)\");\n script_summary(english:\"Check for the openSUSE-2020-1901 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-25668: Fixed concurrency use-after-free in\n con_font_op (bnc#1178123).\n\n - CVE-2020-25656: Fixed race condition in kbd code\n (bnc#1177766).\n\n - CVE-2020-25285: A race condition between hugetlb sysctl\n handlers in mm/hugetlb.c kernel could be used by local\n attackers to corrupt memory, cause a NULL pointer\n dereference, or possibly have unspecified other impact,\n aka CID-17743798d812 (bnc#1176485).\n\n - CVE-2020-0430: In skb_headlen of\n /include/linux/skbuff.h, there is a possible out of\n bounds read due to memory corruption. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. 
User interaction is not\n needed for exploitation (bnc#1176723).\n\n - CVE-2020-14351: Fixed race in the perf_mmap_close()\n function (bsc#1177086).\n\n - CVE-2020-16120: Fixed verify permissions in\n ovl_path_open() (bsc#1177470).\n\n - CVE-2020-8694: Restrict energy meter to root access to\n avoid side channel attack (bsc#1170415).\n\nThe following non-security bugs were fixed :\n\n - 9P: Cast to loff_t before multiplying (git-fixes).\n\n - ACPI / extlog: Check for RDMSR failure (git-fixes).\n\n - ACPI: debug: do not allow debugging when ACPI is\n disabled (git-fixes).\n\n - ACPI: dock: fix enum-conversion warning (git-fixes).\n\n - ACPI: video: use ACPI backlight for HP 635 Notebook\n (git-fixes).\n\n - ALSA: bebob: potential info leak in hwdep_read()\n (git-fixes).\n\n - ALSA: compress_offload: remove redundant initialization\n (git-fixes).\n\n - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro\n (git-fixes).\n\n - ALSA: core: pcm: simplify locking for timers\n (git-fixes).\n\n - ALSA: core: timer: clarify operator precedence\n (git-fixes).\n\n - ALSA: core: timer: remove redundant assignment\n (git-fixes).\n\n - ALSA: ctl: Workaround for lockdep warning wrt\n card->ctl_files_rwlock (git-fixes).\n\n - ALSA: hda - Do not register a cb func if it is\n registered already (git-fixes).\n\n - ALSA: hda - Fix the return value if cb func is already\n registered (git-fixes).\n\n - ALSA: hda/realtek - Add mute Led support for HP\n Elitebook 845 G7 (git-fixes).\n\n - ALSA: hda/realtek - The front Mic on a HP machine does\n not work (git-fixes).\n\n - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA\n with ALC887 (git-fixes).\n\n - ALSA: hda: auto_parser: remove shadowed variable\n declaration (git-fixes).\n\n - ALSA: hda: prevent undefined shift in\n snd_hdac_ext_bus_get_link() (git-fixes).\n\n - ALSA: hda: use semicolons rather than commas to separate\n statements (git-fixes).\n\n - ALSA: mixart: Correct comment wrt obsoleted tasklet\n usage (git-fixes).\n\n 
- ALSA: rawmidi: (cosmetic) align function parameters\n (git-fixes).\n\n - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl\n (git-fixes).\n\n - ALSA: usb-audio: Add mixer support for Pioneer DJ\n DJM-250MK2 (git-fixes).\n\n - ALSA: usb-audio: endpoint.c: fix repeated word 'there'\n (git-fixes).\n\n - ALSA: usb-audio: fix spelling mistake 'Frequence' ->\n 'Frequency' (git-fixes).\n\n - ASoC: qcom: lpass-cpu: fix concurrency issue\n (git-fixes).\n\n - ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n\n - Add cherry-picked ids for already backported DRM radeon\n patches\n\n - Bluetooth: MGMT: Fix not checking if BT_HS is enabled\n (git-fixes).\n\n - Bluetooth: Only mark socket zapped after unlocking\n (git-fixes).\n\n - EDAC/i5100: Fix error handling order in i5100_init_one()\n (bsc#1112178).\n\n - Fix use after free in get_capset_info callback\n (git-fixes).\n\n - HID: roccat: add bounds checking in\n kone_sysfs_write_settings() (git-fixes).\n\n - HID: wacom: Avoid entering wacom_wac_pen_report for pad\n / battery (git-fixes).\n\n - Input: ep93xx_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - Input: i8042 - add nopnp quirk for Acer Aspire 5 A515\n (git-fixes).\n\n - Input: imx6ul_tsc - clean up some errors in\n imx6ul_tsc_resume() (git-fixes).\n\n - Input: omap4-keypad - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: sun4i-ps2 - fix handling of platform_get_irq()\n error (git-fixes).\n\n - Input: twl4030_keypad - fix handling of\n platform_get_irq() error (git-fixes).\n\n - NTB: hw: amd: fix an issue about leak system resources\n (git-fixes).\n\n - USB: adutux: fix debugging (git-fixes).\n\n - USB: cdc-acm: handle broken union descriptors\n (git-fixes).\n\n - USB: cdc-wdm: Make wdm_flush() interruptible and add\n wdm_fsync() (git-fixes).\n\n - USB: serial: qcserial: fix altsetting probing\n (git-fixes).\n\n - VMCI: check return value of get_user_pages_fast() for\n errors (git-fixes).\n\n - XEN uses 
irqdesc::irq_data_common::handler_data to store\n a per interrupt XEN data pointer which contains XEN\n specific information (XSA-332 bsc#1065600).\n\n - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs\n (git-fixes).\n\n - ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n\n - ath10k: Fix the size used in a 'dma_free_coherent()'\n call in an error handling path (git-fixes).\n\n - ath10k: check idx validity in\n __ath10k_htt_rx_ring_fill_n() (git-fixes).\n\n - ath10k: fix VHT NSS calculation when STBC is enabled\n (git-fixes).\n\n - ath10k: provide survey info as accumulated data\n (git-fixes).\n\n - ath10k: start recovery process when payload length\n exceeds max htc length for sdio (git-fixes).\n\n - ath6kl: prevent potential array overflow in\n ath6kl_add_new_sta() (git-fixes).\n\n - ath6kl: wmi: prevent a shift wrapping bug in\n ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n\n - ath9k: Fix potential out of bounds in\n ath9k_htc_txcompletion_cb() (git-fixes).\n\n - ath9k: hif_usb: fix race condition between usb_get_urb()\n and usb_kill_anchored_urbs() (git-fixes).\n\n - backlight: sky81452-backlight: Fix refcount imbalance on\n error (git-fixes).\n\n - blk-mq: order adding requests to hctx->dispatch and\n checking SCHED_RESTART (bsc#1177750).\n\n - block: ensure bdi->io_pages is always initialized\n (bsc#1177749).\n\n - bnxt: do not enable NAPI until rings are ready\n (networking-stable-20_09_11).\n\n - bnxt_en: Check for zero dir entries in NVRAM\n (networking-stable-20_09_11).\n\n - brcm80211: fix possible memleak in\n brcmf_proto_msgbuf_attach (git-fixes).\n\n - brcmfmac: check ndev pointer (git-fixes).\n\n - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy\n (git-fixes).\n\n - btrfs: check the right error variable in\n btrfs_del_dir_entries_in_log (bsc#1177687).\n\n - btrfs: do not force read-only after error in drop\n snapshot (bsc#1176354).\n\n - btrfs: do not set the full sync flag on the inode during\n page release (bsc#1177687).\n\n - btrfs: 
fix incorrect updating of log root tree\n (bsc#1177687).\n\n - btrfs: fix race between page release and a fast fsync\n (bsc#1177687).\n\n - btrfs: only commit delayed items at fsync if we are\n logging a directory (bsc#1177687).\n\n - btrfs: only commit the delayed inode when doing a full\n fsync (bsc#1177687).\n\n - btrfs: qgroup: fix qgroup meta rsv leak for subvolume\n operations (bsc#1177856).\n\n - btrfs: qgroup: fix wrong qgroup metadata reserve for\n delayed inode (bsc#1177855).\n\n - btrfs: reduce contention on log trees when logging\n checksums (bsc#1177687).\n\n - btrfs: release old extent maps during page release\n (bsc#1177687).\n\n - btrfs: remove no longer needed use of log_writers for\n the log root tree (bsc#1177687).\n\n - btrfs: remove root usage from can_overcommit\n (bsc#1131277).\n\n - btrfs: stop incremening log_batch for the log root tree\n when syncing log (bsc#1177687).\n\n - btrfs: take overcommit into account in\n inc_block_group_ro (bsc#1176560).\n\n - btrfs: tree-checker: fix false alert caused by legacy\n btrfs root item (bsc#1177861).\n\n - bus/fsl_mc: Do not rely on caller to provide non NULL\n mc_io (git-fixes).\n\n - can: c_can: reg_map_(c,d)_can: mark as __maybe_unused\n (git-fixes).\n\n - can: can_create_echo_skb(): fix echo skb generation:\n always use skb_clone() (git-fixes).\n\n - can: dev: __can_get_echo_skb(): fix real payload length\n return value for RTR frames (git-fixes).\n\n - can: dev: can_get_echo_skb(): prevent call to\n kfree_skb() in hard IRQ context (git-fixes).\n\n - can: flexcan: flexcan_chip_stop(): add error handling\n and propagate error value (git-fixes).\n\n - can: peak_canfd: pucan_handle_can_rx(): fix echo\n management when loopback is on (git-fixes).\n\n - can: peak_usb: add range checking in decode operations\n (git-fixes).\n\n - can: peak_usb: peak_usb_get_ts_time(): fix timestamp\n wrapping (git-fixes).\n\n - can: rx-offload: do not call kfree_skb() from IRQ\n context (git-fixes).\n\n - can: softing: 
softing_card_shutdown(): add braces around\n empty body in an 'if' statement (git-fixes).\n\n - ceph: fix memory leak in ceph_cleanup_snapid_map()\n (bsc#1178234).\n\n - ceph: map snapid to anonymous bdev ID (bsc#1178234).\n\n - ceph: promote to unsigned long long before shifting\n (bsc#1178187).\n\n - clk: at91: clk-main: update key before writing\n AT91_CKGR_MOR (git-fixes).\n\n - clk: at91: remove the checking of parent_name\n (git-fixes).\n\n - clk: bcm2835: add missing release if\n devm_clk_hw_register fails (git-fixes).\n\n - clk: imx8mq: Fix usdhc parents order (git-fixes).\n\n - clk: ti: clockdomain: fix static checker warning\n (git-fixes).\n\n - coredump: fix crash when umh is disabled (bsc#1177753).\n\n - crypto: algif_skcipher - EBUSY on aio should be an error\n (git-fixes).\n\n - crypto: bcm - Verify GCM/CCM key length in setkey\n (git-fixes).\n\n - crypto: ccp - fix error handling (git-fixes).\n\n - crypto: ixp4xx - Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - crypto: mediatek - Fix wrong return value in\n mtk_desc_ring_alloc() (git-fixes).\n\n - crypto: omap-sham - fix digcnt register handling with\n export/import (git-fixes).\n\n - cxl: Rework error message for incompatible slots\n (bsc#1055014 git-fixes).\n\n - cypto: mediatek - fix leaks in mtk_desc_ring_alloc\n (git-fixes).\n\n - device property: Do not clear secondary pointer for\n shared primary firmware node (git-fixes).\n\n - device property: Keep secondary firmware node secondary\n by type (git-fixes).\n\n - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status\n (git-fixes).\n\n - drm/amd/display: Do not invoke kgdb_breakpoint()\n unconditionally (git-fixes).\n\n - drm/amd/display: HDMI remote sink need mode validation\n for Linux (git-fixes).\n\n - drm/amdgpu: do not map BO in reserved region\n (git-fixes).\n\n - drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n\n - drm/bridge/synopsys: dsi: add support for non-continuous\n HS clock (git-fixes).\n\n - 
drm/brige/megachips: Add checking if\n ge_b850v3_lvds_init() is working correctly (git-fixes).\n\n - drm/gma500: fix error check (git-fixes).\n\n - drm/i915: Force VT'd workarounds when running as a guest\n OS (git-fixes).\n\n - drm/imx: tve remove extraneous type qualifier\n (git-fixes).\n\n - drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds()\n (git-fixes).\n\n - drm/nouveau/mem: guard against NULL pointer access in\n mem_del (git-fixes).\n\n - drm/ttm: fix eviction valuable range check (git-fixes).\n\n - eeprom: at25: set minimum read/write access stride to 1\n (git-fixes).\n\n - efivarfs: Replace invalid slashes with exclamation marks\n in dentries (git-fixes).\n\n - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY\n (networking-stable-20_08_24).\n\n - gtp: add GTPA_LINK info to msg sent to userspace\n (networking-stable-20_09_11).\n\n - i2c: imx: Fix external abort on interrupt in exit paths\n (git-fixes).\n\n - ibmveth: Identify ingress large send packets\n (bsc#1178185 ltc#188897).\n\n - ibmveth: Switch order of ibmveth_helper calls\n (bsc#1061843 git-fixes).\n\n - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943\n git-fixes).\n\n - ibmvnic: save changed mac address to adapter->mac_addr\n (bsc#1134760 ltc#177449 git-fixes).\n\n - icmp: randomize the global rate limiter (git-fixes).\n\n - iio:accel:bma180: Fix use of true when should be\n iio_shared_by enum (git-fixes).\n\n - iio:adc:max1118 Fix alignment of timestamp and data leak\n issues (git-fixes).\n\n - iio:adc:ti-adc0832 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:adc:ti-adc12138 Fix alignment issue with timestamp\n (git-fixes).\n\n - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE\n (git-fixes).\n\n - iio:gyro:itg3200: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:light:si1145: Fix timestamp alignment and prevent\n data leak (git-fixes).\n\n - iio:magn:hmc5843: Fix passing true where iio_shared_by\n enum required (git-fixes).\n\n - ima: Remove 
semicolon at the end of\n ima_get_binary_runtime_size() (git-fixes).\n\n - include/linux/swapops.h: correct guards for\n non_swap_entry() (git-fixes (mm/swap)).\n\n - iomap: Make sure iomap_end is called after iomap_begin\n (bsc#1177754).\n\n - ip: fix tos reflection in ack and reset packets\n (networking-stable-20_09_24).\n\n - ipv4: Restore flowi4_oif update before call to\n xfrm_lookup_route (git-fixes).\n\n - ipv4: Update exception handling for multipath routes via\n same device (networking-stable-20_09_24).\n\n - iwlwifi: mvm: split a print to avoid a WARNING in ROC\n (git-fixes).\n\n - kbuild: enforce -Werror=return-type (bsc#1177281).\n\n - leds: bcm6328, bcm6358: use devres LED registering\n function (git-fixes).\n\n - leds: mt6323: move period calculation (git-fixes).\n\n - lib/crc32.c: fix trivial typo in preprocessor condition\n (git-fixes).\n\n - libceph: clear con->out_msg on Policy::stateful_server\n faults (bsc#1178188).\n\n - mac80211: handle lack of sband->bitrates in rates\n (git-fixes).\n\n - mailbox: avoid timer start from callback (git-fixes).\n\n - media: Revert 'media: exynos4-is: Add missed check for\n pinctrl_lookup_state()' (git-fixes).\n\n - media: ati_remote: sanity check for both endpoints\n (git-fixes).\n\n - media: bdisp: Fix runtime PM imbalance on error\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak\n (git-fixes).\n\n - media: exynos4-is: Fix a reference count leak due to\n pm_runtime_get_sync (git-fixes).\n\n - media: exynos4-is: Fix several reference count leaks due\n to pm_runtime_get_sync (git-fixes).\n\n - media: firewire: fix memory leak (git-fixes).\n\n - media: m5mols: Check function pointer in\n m5mols_sensor_power (git-fixes).\n\n - media: media/pci: prevent memory leak in bttv_probe\n (git-fixes).\n\n - media: omap3isp: Fix memleak in isp_probe (git-fixes).\n\n - media: platform: Improve queue set up flow for bug\n fixing (git-fixes).\n\n - media: platform: fcp: Fix a reference count leak\n 
(git-fixes).\n\n - media: platform: s3c-camif: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: platform: sti: hva: Fix runtime PM imbalance on\n error (git-fixes).\n\n - media: s5p-mfc: Fix a reference count leak (git-fixes).\n\n - media: saa7134: avoid a shift overflow (git-fixes).\n\n - media: st-delta: Fix reference count leak in\n delta_run_work (git-fixes).\n\n - media: sti: Fix reference count leaks (git-fixes).\n\n - media: tc358743: initialize variable (git-fixes).\n\n - media: ti-vpe: Fix a missing check and reference count\n leak (git-fixes).\n\n - media: tuner-simple: fix regression in\n simple_set_radio_freq (git-fixes).\n\n - media: tw5864: check status of tw5864_frameinterval_get\n (git-fixes).\n\n - media: usbtv: Fix refcounting mixup (git-fixes).\n\n - media: uvcvideo: Ensure all probed info is returned to\n v4l2 (git-fixes).\n\n - media: vsp1: Fix runtime PM imbalance on error\n (git-fixes).\n\n - memory: fsl-corenet-cf: Fix handling of\n platform_get_irq() error (git-fixes).\n\n - memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n\n - mfd: sm501: Fix leaks in probe() (git-fixes).\n\n - mic: vop: copy data to kernel space then write to io\n memory (git-fixes).\n\n - misc: mic: scif: Fix error handling path (git-fixes).\n\n - misc: rtsx: Fix memory leak in rtsx_pci_probe\n (git-fixes).\n\n - misc: vop: add round_up(x,4) for vring_size to avoid\n kernel panic (git-fixes).\n\n - mlx5 PPC ringsize workaround (bsc#1173432).\n\n - mlx5: remove support for ib_get_vector_affinity\n (bsc#1174748).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (git-fixes (mm/numa)).\n\n - mm/huge_memory.c: use head to check huge zero page\n (git-fixes (mm/thp)).\n\n - mm/ksm.c: do not WARN if page is still mapped in\n remove_stable_node() (git-fixes (mm/hugetlb)).\n\n - mm/mempolicy.c: fix out of bounds write in\n mpol_parse_str() (git-fixes (mm/mempolicy)).\n\n - mm/mempolicy.c: use 
match_string() helper to simplify\n the code (git-fixes (mm/mempolicy)).\n\n - mm/page-writeback.c: avoid potential division by zero in\n wb_min_max_ratio() (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: improve arithmetic divisions\n (git-fixes (mm/writeback)).\n\n - mm/page-writeback.c: use div64_ul() for\n u64-by-unsigned-long divide (git-fixes (mm/writeback)).\n\n - mm/page_owner.c: remove drain_all_pages from\n init_early_allocated_pages (git-fixes (mm/debug)).\n\n - mm/rmap: fixup copying of soft dirty and uffd ptes\n (git-fixes (mm/rmap)).\n\n - mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix race condition in zs_destroy_pool\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: fix the migrated zspage statistics\n (git-fixes (mm/zsmalloc)).\n\n - mm/zsmalloc.c: migration can leave pages in ZS_EMPTY\n indefinitely (git-fixes (mm/zsmalloc)).\n\n - mm: hugetlb: switch to css_tryget() in\n hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).\n\n - mmc: sdhci-of-esdhc: set timeout to max before tuning\n (git-fixes).\n\n - mmc: sdio: Check for CISTPL_VERS_1 buffer size\n (git-fixes).\n\n - mtd: lpddr: Fix bad logic in print_drs_error\n (git-fixes).\n\n - mtd: lpddr: fix excessive stack usage with clang\n (git-fixes).\n\n - mtd: mtdoops: Do not write panic data twice (git-fixes).\n\n - mwifiex: Do not use GFP_KERNEL in atomic context\n (git-fixes).\n\n - mwifiex: Remove unnecessary braces from\n HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n\n - mwifiex: do not call del_timer_sync() on uninitialized\n timer (git-fixes).\n\n - mwifiex: fix double free (git-fixes).\n\n - mwifiex: remove function pointer check (git-fixes).\n\n - net/mlx5e: Take common TIR context settings into a\n function (bsc#1177740).\n\n - net/mlx5e: Turn on HW tunnel offload in all TIRs\n (bsc#1177740).\n\n - net: Fix potential wrong skb->protocol in\n skb_vlan_untag() (networking-stable-20_08_24).\n\n - net: disable netpoll on fresh 
napis\n (networking-stable-20_09_11).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: hns: Fix memleak in hns_nic_dev_probe\n (networking-stable-20_09_11).\n\n - net: ipv6: fix kconfig dependency warning for\n IPV6_SEG6_HMAC (networking-stable-20_09_24).\n\n - net: phy: Avoid NPD upon phy_detach() when driver is\n unbound (networking-stable-20_09_24).\n\n - net: qrtr: fix usage of idr in port assignment to socket\n (networking-stable-20_08_24).\n\n - net: systemport: Fix memleak in bcm_sysport_probe\n (networking-stable-20_09_11).\n\n - net: usb: dm9601: Add USB ID of Keenetic Plus DSL\n (networking-stable-20_09_11).\n\n - net: usb: qmi_wwan: add Cellient MPL200 card\n (git-fixes).\n\n - net: usb: rtl8150: set random MAC address when\n set_ethernet_addr() fails (git-fixes).\n\n - net: wireless: nl80211: fix out-of-bounds access in\n nl80211_del_key() (git-fixes).\n\n - netlabel: fix problems with mapping removal\n (networking-stable-20_09_11).\n\n - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute\n in nfc_genl_fw_download() (git-fixes).\n\n - nl80211: fix non-split wiphy information (git-fixes).\n\n - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n\n - nvme-rdma: fix crash when connect rejected\n (bsc#1174748).\n\n - nvme: do not update disk info for multipathed device\n (bsc#1171558).\n\n - p54: avoid accessing the data mapped to streaming DMA\n (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM\n configuration (git-fixes).\n\n - power: supply: test_power: add missing newlines when\n printing parameters by sysfs (git-fixes).\n\n - powerpc/hwirq: Remove stale forward irq_chip declaration\n (bsc#1065729).\n\n - powerpc/icp-hv: Fix missing of_node_put() in success\n path (bsc#1065729).\n\n - powerpc/irq: Drop forward declaration of struct\n irqaction (bsc#1065729).\n\n - powerpc/perf/hv-gpci: Fix starting 
index value\n (bsc#1065729).\n\n - powerpc/powernv/dump: Fix race while processing OPAL\n dump (bsc#1065729).\n\n - powerpc/powernv/elog: Fix race while processing OPAL\n error log event (bsc#1065729).\n\n - powerpc/pseries: Fix missing of_node_put() in rng_init()\n (bsc#1065729).\n\n - powerpc/pseries: explicitly reschedule during drmem_lmb\n list traversal (bsc#1077428 ltc#163882 git-fixes).\n\n - powerpc: Fix undetected data corruption with P9N DD2.1\n VSX CI load emulation (bsc#1065729).\n\n - pty: do tty_flip_buffer_push without port->lock in\n pty_write (git-fixes).\n\n - pwm: lpss: Add range limit check for the base_unit\n register value (git-fixes).\n\n - pwm: lpss: Fix off by one error in base_unit math in\n pwm_lpss_prepare() (git-fixes).\n\n - regulator: defer probe when trying to get voltage from\n unresolved supply (git-fixes).\n\n - regulator: resolve supply after creating regulator\n (git-fixes).\n\n - ring-buffer: Return 0 on success from\n ring_buffer_resize() (git-fixes).\n\n - rpm/kernel-module-subpackage: make Group tag optional\n (bsc#1163592)\n\n - rtl8xxxu: prevent potential memory leak (git-fixes).\n\n - scsi: ibmvfc: Fix error return in ibmvfc_probe()\n (bsc#1065729).\n\n - scsi: ibmvscsi: Fix potential race after loss of\n transport (bsc#1178166 ltc#188226).\n\n - sctp: not disable bh in the whole sctp_get_port_local()\n (networking-stable-20_09_11).\n\n - spi: fsl-espi: Only process interrupts for expected\n events (git-fixes).\n\n - staging: comedi: cb_pcidas: Allow 2-channel commands for\n AO subdevice (git-fixes).\n\n - staging: octeon: Drop on uncorrectable alignment or FCS\n error (git-fixes).\n\n - staging: octeon: repair 'fixed-link' support\n (git-fixes).\n\n -\n target-rbd-fix-unmap-discard-block-size-conversion.patch\n : (bsc#1177271).\n\n -\n target-use-scsi_set_sense_information-helper-on-misc.pat\n ch: (bsc#1177719).\n\n - tg3: Fix soft lockup when tg3_reset_task() fails\n (networking-stable-20_09_11).\n\n - tipc: fix memory 
leak caused by tipc_buf_append()\n (git-fixes).\n\n - tipc: fix shutdown() of connection oriented socket\n (networking-stable-20_09_24).\n\n - tipc: fix shutdown() of connectionless socket\n (networking-stable-20_09_11).\n\n - tipc: fix the skb_unshare() in tipc_buf_append()\n (git-fixes).\n\n - tipc: fix uninit skb->data in tipc_nl_compat_dumpit()\n (networking-stable-20_08_24).\n\n - tipc: use skb_unshare() instead in tipc_buf_append()\n (networking-stable-20_09_24).\n\n - tty: ipwireless: fix error handling (git-fixes).\n\n - tty: serial: earlycon dependency (git-fixes).\n\n - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char\n (git-fixes).\n\n - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices\n (git-fixes).\n\n - usb: cdc-acm: fix cooldown mechanism (git-fixes).\n\n - usb: core: Solve race condition in anchor cleanup\n functions (git-fixes).\n\n - usb: dwc2: Fix INTR OUT transfers in DDMA mode\n (git-fixes).\n\n - usb: dwc2: Fix parameter type in function pointer\n prototype (git-fixes).\n\n - usb: dwc3: core: add phy cleanup for probe error\n handling (git-fixes).\n\n - usb: dwc3: core: do not trigger runtime pm when remove\n driver (git-fixes).\n\n - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests\n (git-fixes).\n\n - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus\n gadgets (git-fixes).\n\n - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and\n above (git-fixes).\n\n - usb: gadget: function: printer: fix use-after-free in\n __lock_acquire (git-fixes).\n\n - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as\n well (git-fixes).\n\n - usb: host: fsl-mph-dr-of: check return of dma_set_mask()\n (git-fixes).\n\n - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n\n - usb: ohci: Default to per-port over-current protection\n (git-fixes).\n\n - usb: typec: tcpm: During PR_SWAP, source caps should be\n sent only after tSwapSourceStart (git-fixes).\n\n - usb: typec: tcpm: reset hard_reset_count for any\n disconnect (git-fixes).\n\n - 
vfs: fix FIGETBSZ ioctl on an overlayfs file\n (bsc#1178202).\n\n - video: fbdev: pvr2fb: initialize variables (git-fixes).\n\n - video: fbdev: sis: fix null ptr dereference (git-fixes).\n\n - video: fbdev: vga16fb: fix setting of pixclock because a\n pass-by-value error (git-fixes).\n\n - w1: mxc_w1: Fix timeout resolution problem leading to\n bus error (git-fixes).\n\n - watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).\n\n - watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional\n (bsc#1177101).\n\n - wcn36xx: Fix reported 802.11n rx_highest rate\n wcn3660/wcn3680 (git-fixes).\n\n - writeback: Avoid skipping inode writeback (bsc#1177755).\n\n - writeback: Fix sync livelock due to b_dirty_time\n processing (bsc#1177755).\n\n - writeback: Protect inode->i_io_list with inode->i_lock\n (bsc#1177755).\n\n - x86, fakenuma: Fix invalid starting node ID (git-fixes\n (mm/x86/fakenuma)).\n\n - x86/apic: Unify duplicated local apic timer clockevent\n initialization (bsc#1112178).\n\n - x86/fpu: Allow multiple bits in clearcpuid= parameter\n (bsc#1112178).\n\n - x86/unwind/orc: Fix inactive tasks with stack pointer in\n %sp on GCC 10 compiled kernels (bsc#1058115\n bsc#1176907).\n\n - x86/xen: disable Firmware First mode for correctable\n memory errors (bsc#1176713).\n\n - xen/blkback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/events: add a new 'late EOI' evtchn framework\n (XSA-332 bsc#1177411).\n\n - xen/events: add a proper barrier to 2-level uevent\n unmasking (XSA-332 bsc#1177411).\n\n - xen/events: avoid removing an event channel while\n handling it (XSA-331 bsc#1177410).\n\n - xen/events: block rogue events for some time (XSA-332\n bsc#1177411).\n\n - xen/events: defer eoi in case of excessive number of\n events (XSA-332 bsc#1177411).\n\n - xen/events: do not use chip_data for legacy IRQs\n (XSA-332 bsc#1065600).\n\n - xen/events: fix race in evtchn_fifo_unmask() (XSA-332\n bsc#1177411).\n\n - xen/events: switch user event channels to lateeoi model\n 
(XSA-332 bsc#1177411).\n\n - xen/events: use a common cpu hotplug hook for event\n channels (XSA-332 bsc#1177411).\n\n - xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n\n - xen/netback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/pciback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xen/scsiback: use lateeoi irq binding (XSA-332\n bsc#1177411).\n\n - xfs: avoid infinite loop when cancelling CoW blocks\n after writeback failure (bsc#1178027).\n\n - xfs: do not update mtime on COW faults (bsc#1167030).\n\n - xfs: flush new eof page on truncate to avoid post-eof\n corruption (git-fixes).\n\n - xfs: limit entries returned when counting fsmap records\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177719\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936888\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", 
reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.79.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.79.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.79.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.79.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-02-16T14:35:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n* kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nFor more details 
about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the RHEL-8.3.z2 source tree (BZ#1908433)", "modified": "2021-02-16T18:39:54", "published": "2021-02-16T12:32:29", "id": "RHSA-2021:0537", "href": "https://access.redhat.com/errata/RHSA-2021:0537", "type": "redhat", "title": "(RHSA-2021:0537) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-16T14:34:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n* kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)\n\n* OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)\n\n* BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)\n\n* Icelake performance - add intel_idle: Customize IceLake server support to RHEL-8 (BZ#1897183)\n\n* [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)\n\n* RHEL 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)\n\n* RHEL8.3 Beta - RHEL8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)\n\n* Win10 guest automatic reboot 
after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)\n\n* block, dm: fix IO splitting for stacked devices (BZ#1905136)\n\n* Failed to hotplug scsi-hd disks (BZ#1905214)\n\n* PCI quirk needed to prevent GPU hang (BZ#1906516)\n\n* RHEL8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)\n\n* pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)\n\n* [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)\n\n* NFSv4 client improperly handles interrupted slots (BZ#1908312)\n\n* NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)\n\n* [Regression] RHEL8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)\n\n* RHEL8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)\n\n* SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)\n\n* C6gn support requires \"Ensure dirty bit is preserved across pte_wrprotect\" patch (BZ#1909577)\n\n* [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)\n\n* Kernel crash with krb5p (BZ#1912478)\n\n* [RHEL8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)\n\n* [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)\n\n* Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)\n\n* RHEL8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)\n\n* Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)\n\n* [Hyper-V][RHEL-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)\n\n* ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)\n\n* [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW 
even if no ConnectX-6 card is present (BZ#1918743)\n\n* kvm-rhel8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)", "modified": "2021-02-16T18:39:53", "published": "2021-02-16T12:36:08", "id": "RHSA-2021:0558", "href": "https://access.redhat.com/errata/RHSA-2021:0558", "type": "redhat", "title": "(RHSA-2021:0558) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-03T10:43:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-0444", "CVE-2020-14351", "CVE-2020-25705", "CVE-2020-29661"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444)\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)\n\n* kernel: performance counters race condition use-after-free (CVE-2020-14351)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913530)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929908)\n\n* rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929912)", "modified": "2021-03-03T14:19:42", "published": "2021-03-02T15:00:53", "id": "RHSA-2021:0686", "href": "https://access.redhat.com/errata/RHSA-2021:0686", "type": "redhat", "title": "(RHSA-2021:0686) Important: kernel security and bug 
fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-03T23:40:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-25705", "CVE-2020-29661", "CVE-2020-35513", "CVE-2021-20230", "CVE-2021-3121"], "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "modified": "2021-03-04T04:31:18", "published": "2021-03-04T04:30:29", "id": "RHSA-2021:0719", "href": "https://access.redhat.com/errata/RHSA-2021:0719", "type": "redhat", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-02-17T23:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2020-14351", "CVE-2020-29661"], "description": "[4.18.0-240.15.1_3.OL8]\n- Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7\n[4.18.0-240.15.1_3]\n- [x86] kvm: svm: Initialize prev_ga_tag before use (Vitaly Kuznetsov) [1919885 1909254]\n- [net] tls: move mark_tech_preview to tls_init (Sabrina Dubroca) [1918743 1907477]\n- [video] hyperv_fb: Fix the cache type when mapping the VRAM (Mohammed Gamal) [1917711 1908893]\n- [video] hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (Mohammed Gamal) [1917711 1908893]\n- [net] esp: select CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]\n- [crypto] treewide: Use fallthrough pseudo-keyword (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: drbg - always try to free Jitter RNG instance (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: drbg - should select CTR (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: ctr - no longer needs CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: drbg - always seeded with SP800-90B compliant noise source (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: jitter - SP800-90B compliance (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: jitter - add header to fix buildwarnings (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: jitter - fix comments (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: jitter - update implementation to 2.1.2 (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: drbg - in-place cipher operation for CTR (Vladis Dronov) [1912872 1905088]\n- [crypto] crypto: drbg - eliminate constant reinitialization of SGL (Vladis 
Dronov) [1912872 1905088]\n- [netdrv] ionic: start queues before announcing link up (Jonathan Toppins) [1918372 1906250]\n- [drm] drm/i915: Enable Tigerlake support by default (Lyude Paul) [1882620 1877005]\n- [drm] drm/i915: Simplify intel_set_cdclk_{pre, post}_plane_update() calling convention (Lyude Paul) [1882620 1877005]\n- [drm] drm/i915/psr: Program default IO buffer Wake and Fast Wake (Lyude Paul) [1882620 1877005]\n- [kernel] rcu: Force on tick when invoking lots of callbacks (Waiman Long) [1915638 1862812]\n- [kernel] nohz: Add TICK_DEP_BIT_RCU (Waiman Long) [1915638 1862812]\n- [pci] PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (Myron Stowe) [1906516 1888310]\n[4.18.0-240.14.1_3]\n- [netdrv] net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() (Waiman Long) [1915814 1904213]\n- [mm] x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text (Waiman Long) [1915814 1904213]\n- [mm] x86/mm/cpa: Fix cpa_flush_array() TLB invalidation (Waiman Long) [1915814 1904213]\n- [hv] hv: vmbus: Add timeout to vmbus_wait_for_unload (Mohammed Gamal) [1913528 1888980]\n- [kernel] perf/core: Fix race in the perf_mmap_close() function (Michael Petlan) [1897016 1869925] {CVE-2020-14351}\n- [kernel] perf: Make struct ring_buffer less ambiguous (Michael Petlan) [1897016 1869925] {CVE-2020-14351}\n- [tty] tty: Fix ->pgrp locking in tiocspgrp() (Waiman Long) [1908196 1908197] {CVE-2020-29661}\n- [x86] x86/tboot: Don't disable swiotlb when iommu is forced on (Tony Camuso) [1911555 1883395]\n- [iommu] iommu/vt-d: Avoid panic if iommu init fails in tboot system (Tony Camuso) [1911555 1883395]\n- [kernel] sched/deadline: Fix priority inheritance with multiple scheduling classes (Phil Auld) [1908731 1780490]\n- [kernel] locking/rwsem: Remove reader optimistic spinning (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Enable reader optimistic lock stealing (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Prevent potential lock 
starvation (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Pass the current atomic count to rwsem_down_read_slowpath() (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Fold __down_{read,write}*() (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Introduce rwsem_write_trylock() (Waiman Long) [1908519 1895046]\n- [kernel] locking/rwsem: Better collate rwsem_read_trylock() (Waiman Long) [1908519 1895046]\n- [kernel] rwsem: Implement down_read_interruptible (Waiman Long) [1908519 1895046]\n- [kernel] rwsem: Implement down_read_killable_nested (Waiman Long) [1908519 1895046]\n- [firmware] efi/esrt: Only call efi_mem_reserve() for boot services memory (Kairui Song) [1907775 1878024]\n- [firmware] efi: Drop type and attribute checks in efi_mem_desc_lookup() (Kairui Song) [1907775 1878024]\n- [scsi] scsi: core: Don't start concurrent async scan on same host (Ming Lei) [1905214 1874501]\n[4.18.0-240.13.1_3]\n- [arm64] arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Andrew Jones) [1909577 1908439]\n- [arm64] arm64: pgtable: Fix pte_accessible() (Andrew Jones) [1909577 1908439]\n- [net] icmp: randomize the global rate limiter (Guillaume Nault) [1906371 1896516] {CVE-2020-25705}\n- [tools] kvm: x86: do not attempt TSC synchronization on guest writes (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: x86: fix MSR_IA32_TSC read for nested migration (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: nsvm: delay MSR permission processing to first nested VM run (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: x86: rename KVM_REQ_GET_VMCS12_PAGES (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: use __GFP_ZERO instead of clear_page (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: refactor msr permission bitmap allocation (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: rename a variable in the svm_create_vcpu (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: nsvm: Avoid freeing uninitialized pointers in svm_set_nested_state() 
(Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: nested: Don't allocate VMCB structures on stack (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: nsvm: more strict SMM checks when returning to nested guest (Paolo Bonzini) [1905084 1898018]\n- [x86] svm: nsvm: setup nested msr permission bitmap on nested state load (Paolo Bonzini) [1905084 1898018]\n- [x86] svm: nsvm: correctly restore GIF on vmexit from nesting after migration (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: avoid emulation with stale next_rip (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: nsvm: remove nonsensical EXITINFO1 adjustment on nested NPF (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: Rename svm_nested_virtualize_tpr() to nested_svm_virtualize_tpr() (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: Add svm_ prefix to set/clr/is_intercept() (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: Add vmcb_ prefix to mark_*() functions (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: svm: Rename struct nested_state to svm_nested_state (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: nsvm: Check that DR6[63:32] and DR7[64:32] are not set on vmrun of nested guests (Paolo Bonzini) [1905084 1898018]\n- [x86] kvm: x86: Move the check for upper 32 reserved bits of DR6 to separate function (Paolo Bonzini) [1905084 1898018]\n- [netdrv] net/mlx5e: Add IPv6 traffic class (DSCP) header rewrite support (Alaa Hleihel) [1897688 1889981]\n- [netdrv] net/mlx5e: Fix endianness when calculating pedit mask first bit (Alaa Hleihel) [1897688 1889981]\n- [net] openvswitch: fix to make sure flow_lookup() is not preempted (Eelco Chaudron) [1893281 1888237]\n[4.18.0-240.12.1_3]\n- [net] SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (Steve Dickson) [1912478 1884361]\n- [net] SUNRPC: Fix ('SUNRPC: Add '@len' parameter to gss_unwrap()') (Steve Dickson) [1912478 1884361]\n- [mm] x86/ioremap: Map EFI runtime services data as encrypted for SEV (Lenny Szubowicz) [1909243 1883134]\n- 
[kernel] sched/deadline: Unthrottle PI boosted threads while enqueuing (Daniel Bristot de Oliveira) [1913964 1869760]\n- [kernel] sched/deadline: Fix stale throttling on de-/boosted tasks (Daniel Bristot de Oliveira) [1913964 1869760]\n- [fs] NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (Scott Mayhew) [1908313 1881550]\n- [fs] NFS: Fix interrupted slots by sending a solo SEQUENCE operation (Scott Mayhew) [1908312 1887577]\n- [net] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) [1907576 1901026]\n- [powerpc] powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (Diego Domingos) [1907301 1891822]\n- [powerpc] powerpc/powernv/dump: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]\n- [powerpc] powerpc/powernv/dump: Fix race while processing OPAL dump (Diego Domingos) [1907301 1891822]\n- [powerpc] powerpc/opal_elog: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]\n- [powerpc] powerpc/powernv/elog: Fix race while processing OPAL error log event (Diego Domingos) [1907301 1891822]\n- [block] block: fix incorrect branching in blk_max_size_offset() (Mike Snitzer) [1905136 1903722]\n- [md] dm: fix IO splitting (Mike Snitzer) [1905136 1903722]\n- [block] block: fix get_max_io_size() (Mike Snitzer) [1905136 1903722]\n- [block] block: Improve physical block alignment of split bios (Mike Snitzer) [1905136 1903722]\n- [block] block: use gcd() to fix chunk_sectors limit stacking (Mike Snitzer) [1905136 1903722]\n- [netdrv] net/mlx5e: Add LAG warning if bond slave is not lag master (Alaa Hleihel) [1892344 1851709]\n- [netdrv] net/mlx5e: Add LAG warning for unsupported tx type (Alaa Hleihel) [1892344 1851709]\n- [netdrv] net/mlx5e: Return a valid errno if can't get lag device index (Alaa Hleihel) [1892344 1851709]\n- [net] openvswitch: handle DNAT tuple collision (Dumitru Ceara) [1892744 1877128]\n- [mm] mm/page_idle.c: skip 
offline pages (Chris von Recklinghausen) [1903019 1867490]\n- [include] mm/hotplug: invalid PFNs from pfn_to_online_page() (Waiman Long) [1903019 1878006]\n[4.18.0-240.11.1_3]\n- [scsi] scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (Ewan Milne) [1900112 1867264]\n- [scsi] scsi: scsi_dh_alua: Set 'transitioning' state on Unit Attention (Ewan Milne) [1900112 1867264]\n- [scsi] scsi: scsi_dh_alua: Return BLK_STS_AGAIN for ALUA transitioning state (Ewan Milne) [1900112 1867264]\n- [block] scsi: block: Return status code in blk_mq_end_request() (Ewan Milne) [1900112 1867264]\n- [include] compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (Ivan Vecera) [1900112 1867168]\n- [net] net: sctp: Rename fallthrough label to unhandled (Ivan Vecera) [1900112 1867168]\n- [idle] intel_idle: Customize IceLake server support (David Arcari) [1897183 1881620]", "edition": 1, "modified": "2021-02-17T00:00:00", "published": "2021-02-17T00:00:00", "id": "ELSA-2021-0558", "href": "http://linux.oracle.com/errata/ELSA-2021-0558.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T23:27:24", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2020-14381", "CVE-2020-29569", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374"], "description": "[5.4.17-2036.102.0.2uek]\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] 
{CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n[5.4.17-2036.102.0.1uek]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.102.0uek]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}\n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418] \n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069] \n- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Add 
persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279] \n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}\n- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885] \n- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885] \n- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]", "edition": 2, "modified": 
"2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9006", "href": "http://linux.oracle.com/errata/ELSA-2021-9006.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T23:34:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2020-28915", "CVE-2020-29569", "CVE-2020-29368", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-15437", "CVE-2020-15436", "CVE-2020-28374"], "description": "[4.14.35-2025.404.1.1]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040] {CVE-2020-28374}\n[4.14.35-2025.404.1]\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260256] {CVE-2020-29569}\n[4.14.35-2025.404.0]\n- vhost scsi: Add support for LUN resets. 
(Mike Christie) [Orabug: 32201584] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201584] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201584] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201584] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201584]\n[4.14.35-2025.403.5]\n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210463] \n- mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() (Andrea Arcangeli) [Orabug: 32212583] {CVE-2020-29368}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233358] {CVE-2020-14351}\n[4.14.35-2025.403.4]\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227961] {CVE-2020-25705}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159055] \n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159975] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159975] \n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194608] {CVE-2020-15436}\n- serial: 8250: fix null-ptr-deref in serial8250_start_tx() (Yang Yingliang) [Orabug: 32194712] {CVE-2020-15437}\n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9005", "href": "http://linux.oracle.com/errata/ELSA-2021-9005.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-17T01:37:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2019-19816", "CVE-2021-26932", "CVE-2020-29569", "CVE-2021-26930", "CVE-2021-26931", "CVE-2020-25656", "CVE-2020-36158", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-28374", "CVE-2020-25704", "CVE-2020-29660"], "description": "[4.14.35-2047.500.9.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n[4.14.35-2047.500.9]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426612] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 31175013] \n- net/rds: Incorrect RDS protocol version fall back (Ka-Cheong Poon) [Orabug: 32376163] \n- net/rds: Missing RDS/RDMA private data in response to connection request (Ka-Cheong Poon) [Orabug: 32388407]\n[4.14.35-2047.500.8]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341032] \n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372161] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380826] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32245078] \n- A/A 
Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350976] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 32368440] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 32368440] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}\n[4.14.35-2047.500.7]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32047319] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337717] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349205] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355208]\n[4.14.35-2047.500.6]\n- net/rds: Only yield with a valid 'i_connecting_ts' timestamp (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Only increment rdma_resolve_route timeout on error (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont block workqueues 'cma_wq' and 'cm.wq' (Gerd Rausch) [Orabug: 31030774] 
\n- net/rds: Dont drop neighbor loopback connection (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Take the GID offset into account for IB devices (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Leave the neighbor cache alone (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Give each connection its own workqueue (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Disassociate ic and cm_id before rdma_destroy_id (Gerd Rausch) [Orabug: 31030774] \n- Revert 'rds: ib: Implement proper cm_id compare' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Add a rdma_cm watchdog timer (Gerd Rausch) [Orabug: 31030774] \n- Revert 'RDS: IB: fix panic with handlers running post teardown' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Release all resources allocated by 'rds_ib_setup_qp' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Change the 'rds_aux_wq' workqueue to loose order (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont sleep inside worker threads (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Fix a few race conditions (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Execute 'rdma_destroy_id' in the background (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Delay reconnects from passive side by 3 seconds (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Drop connections when peers perform failover (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Yield to incoming connection requests (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Remove stale comments about random backoff (Gerd Rausch) [Orabug: 31030774]\n[4.14.35-2047.500.5]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251912] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n[4.14.35-2047.500.4]\n- bnxt_en: Release PCI regions when DMA mask setup fails during probe. 
(Michael Chan) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_board() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_one() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: Fix counter overflow logic. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: read EEPROM A2h address using page 0 (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Re-write PCI BARs after PCI fatal error. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Set driver default message level. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Enable online self tests for multi-host/NPAR mode. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Eliminate unnecessary RX resets. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Reduce unnecessary message log during RX errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Add a software counter for RX ring reset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Implement RX ring reset in response to buffer errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_init_one_rx_ring(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_free_rx_skbs(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.68. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Improve preset max value for ethtool -l. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Handle ethernet link being disabled by firmware. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: add basic infrastructure to support PAM4 link speeds (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor bnxt_get_fw_speed() (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor code to limit speed advertising (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.65. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix wrong flag value passed to HWRM_PORT_QSTATS_EXT fw call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix HWRM_FUNC_QSTATS_EXT firmware call. 
(Michael Chan) [Orabug: 32223677] \n- bnxt_en: Return -EOPNOTSUPP for ETHTOOL_GREGS on VFs. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: return proper error codes in bnxt_show_temp (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Setup default RSS map in all scenarios. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: init RSS table for Minimal-Static VF reservation (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: fix HWRM error when querying VF temperature (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Fix ethtool -S statitics with XDP or TCs enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Dont query FW when netif_running() is false. (Pavan Chebbi) [Orabug: 32223677] \n- bnxt_en: Add support for 'ethtool -d' (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Switch over to use the 64-bit software accumulated counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Accumulate all counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware masks for port counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware counter masks from firmware if available. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Allocate additional memory for all statistics blocks. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor statistics code and structures. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Use macros to define port statistics size and offset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface to 1.10.1.54. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Remove PCIe non-counters from ethtool statistics (Vasundhara Volam) [Orabug: 32223677] \n- net: bnxt: don't complain if TC flower can't be supported (Jakub Kicinski) [Orabug: 32223677] \n- bnxt_en: Fix completion ring sizing with TPA enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Init ethtool link settings after reading updated PHY configuration. 
(Vasundhara Volam) [Orabug: 32223677] \n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32201608] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201608] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201608] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201608] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32201608] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32201608] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32201608] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201608] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201608] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210458] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32219015] \n- qla2xxx: Add missing module version banner (John Donnelly) [Orabug: 32244934] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Bump driver version to 
35.101.00.00 (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: A small correction in _base_process_reply_queue (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Fix sync irqs (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Detect tampered Aero and Sea adapters (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Dont call disable_irq from IRQ poll handler (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32223781] \n- scsi: mpt3sas: Remove superfluous memset() (Li Heng) [Orabug: 32223781] \n- scsi: mpt3sas: Update driver version to 35.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: 
Postprocessing of target and LUN reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Cancel the running work during host reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Dump system registers for debugging (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Fix kdoc comments format (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix set but unused variable (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix error returns in BRM_status_show (Johannes Thumshirn) [Orabug: 32223781] \n- scsi: mpt3sas: Fix unlock imbalance (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix spelling mistake (Flavio Suligoi) [Orabug: 32223781]\n[4.14.35-2047.500.3]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32173883] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32173883] \n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32177802] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32213922] \n- qla2xxx: back port upstream patch (Quinn Tran) [Orabug: 32213922] \n- scsi: scsi_transport_fc: Add FPIN fc event codes (James Smart) [Orabug: 32213922] \n- scsi: scsi_transport_fc: refactor event posting routines (James Smart) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (Quinn Tran) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Check if FW supports MQ before enabling (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to 
be set anytime (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce noisy debug message (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush I/O on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush all sessions on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: remove incorrect sparse #ifdef (Linus Torvalds) [Orabug: 32213922] \n- scsi: qla2xxx: Return EBUSY on fcport deletion (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (Tom Rix) [Orabug: 32213922] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32213922] \n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix crash on session cleanup with unload (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Correct the check for sscanf() return 
value (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32213922] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Remove unneeded variable 'rval' (Jason Yan) [Orabug: 32213922] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Remove redundant variable initialization (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: 
Fix the size used in a 'dma_free_coherent()' call (Christophe JAILLET) [Orabug: 32213922] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32213922] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32213922] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32213922] \n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (Enzo Matsumiya) [Orabug: 32213922] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize 'n' before using it (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32213922] \n- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (James Smart) [Orabug: 32213922] \n- scsi: fc: add FPIN ELS definition (James Smart) [Orabug: 32213922] \n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- 
ACPI: NFIT: Add runtime firmware activate support (Dan Williams) [Orabug: 32224144] \n- PM, libnvdimm: Add runtime firmware activation support (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() (Dan Williams) [Orabug: 32224144] \n- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Emulate firmware activation commands (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Add command debug messages (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Cleanup dimm index passing (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Define runtime firmware activation commands (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Validate command family indices (Dan Williams) [Orabug: 32224144] \n- PM: hibernate: Incorporate concurrency handling (Domenico Andreoli) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_bus_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm/of_pmem: Provide a unique name for bus provider (Aneesh Kumar K.V) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_mapping_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_region_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_numa_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_device_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move region attribute group definition (Dan Williams) [Orabug: 32224144] \n- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move attribute groups to 
device type (Dan Williams) [Orabug: 32224144] \n- acpi/nfit: improve bounds checking for 'func' (Dan Carpenter) [Orabug: 32224144] \n- ACPI/nfit: delete the function to_acpi_nfit_desc (Xiaochun Lee) [Orabug: 32224144]\n[4.14.35-2047.500.2]\n- lockdown: make lockdown mode available in securityfs (Alan Maguire) [Orabug: 32176137] \n- uek-rpm: Dont build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176895] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177989] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman 
Khandual) [Orabug: 32195765] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32195765] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32195765] \n- rds: fix out-of-tree build broken by tracepoints (Alan Maguire) [Orabug: 32185345] \n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177547]\n[4.14.35-2047.500.1]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136897] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139243] \n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32047440] \n- platform/x86: ISST: Add new PCI device ids (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional TRL MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 32047440] \n- platform/x86: ISST: Restore state on resume (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (Srinivas Pandruvada) [Orabug: 
32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mmio interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Store per CPU information (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add common API to register and handle ioctls (Srinivas Pandruvada) [Orabug: 32047440]\n[4.14.35-2046]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131560] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138009] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152281] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152143] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152143] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 30848187] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakx (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32080078] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32080078] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32080078] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32080078] \n- Linux 4.14.206 (Greg Kroah-Hartman) \n- powercap: restrict energy meter to root access (Len Brown) \n- Linux 4.14.205 (Greg Kroah-Hartman) [Orabug: 32041544] \n- arm64: 
dts: marvell: espressobin: add ethernet alias (Tomasz Maciej Nowak) \n- PM: runtime: Resume the device earlier in __device_release_driver() (Rafael J. Wysocki) \n- Revert 'ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE' (Vineet Gupta) \n- ARC: stack unwinding: avoid indefinite looping (Vineet Gupta) \n- usb: mtu3: fix panic in mtu3_gadget_stop() (Macpaul Lin) \n- USB: Add NO_LPM quirk for Kingston flash drive (Alan Stern) \n- USB: serial: option: add Telit FN980 composition 0x1055 (Daniele Palmas) \n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200T module support (Ziyi Cao) \n- USB: serial: cyberjack: fix write-URB completion race (Johan Hovold) \n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (Qinglang Miao) \n- serial: 8250_mtk: Fix uart_get_baud_rate warning (Claire Chang) \n- fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) \n- ACPI: NFIT: Fix comparison to '-ENXIO' (Zhang Qilong) \n- drm/vc4: drv: Add error handding for bind (Hoegeun Kwon) \n- vsock: use ns_capable_noaudit() on socket create (Jeff Vander Stoep) \n- scsi: core: Dont start concurrent async scan on same host (Ming Lei) \n- blk-cgroup: Pre-allocate tree node on blkg_conf_prep (Gabriel Krisman Bertazi) \n- blk-cgroup: Fix memleak on error path (Gabriel Krisman Bertazi) \n- of: Fix reserved-memory overlap detection (Vincent Whitchurch) \n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (Kairui Song) \n- ARM: dts: sun4i-a10: fix cpu_alert temperature (Clement Peron) \n- futex: Handle transient 'ownerless' rtmutex state correctly (Mike Galbraith) \n- tracing: Fix out of bounds write in get_trace_buf (Qiujun Huang) \n- ftrace: Handle tracing when switching between context (Steven Rostedt (VMware)) \n- ftrace: Fix recursion check for NMI test (Steven Rostedt (VMware)) \n- 
gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) \n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (Jason Gunthorpe) \n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (Zqiang) \n- lib/crc32test: remove extra local_irq_disable/enable (Vasily Gorbik) \n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (Geoffrey D. Bennett) \n- Fonts: Replace discarded const qualifier (Lee Jones) \n- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}\n- Blktrace: bail out early if block debugfs is not configured (Liu Bo) \n- sfp: Fix error handing in sfp_probe() (YueHaibing) \n- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Petr Malat) \n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (Daniele Palmas) \n- gianfar: Account for Tx PTP timestamp in the skb headroom (Claudiu Manoil) \n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (Claudiu Manoil) \n- tipc: fix use-after-free in tipc_bcast_get_mode (Hoang Huu Le) \n- drm/i915: Break up error capture compression loops with cond_resched() (Chris Wilson) \n- Linux 4.14.204 (Greg Kroah-Hartman) \n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (Ian Abbott) \n- KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR (Marc Zyngier) \n- device property: Dont clear secondary pointer for shared primary firmware node (Andy Shevchenko) \n- device property: Keep secondary firmware node secondary by type (Andy Shevchenko) \n- ARM: s3c24xx: fix missing system reset (Krzysztof Kozlowski) \n- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (Krzysztof Kozlowski) \n- arm: dts: mt7623: add missing pause for switchport (Frank Wunderlich) \n- hil/parisc: Disable HIL driver when it gets stuck (Helge Deller) \n- cachefiles: Handle readpage error correctly (Matthew Wilcox (Oracle)) \n- arm64: berlin: Select DW_APB_TIMER_OF (Jisheng Zhang) \n- tty: make FONTX ioctl 
use the tty pointer they were actually passed (Linus Torvalds) \n- rtc: rx8010: dont modify the global rtc ops (Bartosz Golaszewski) \n- drm/ttm: fix eviction valuable range check. (Dave Airlie) \n- ext4: fix invalid inode checksum (Luo Meng) \n- ext4: fix error handling code in add_new_gdb (Dinghao Liu) \n- ext4: fix leaking sysfs kobject after failed mount (Eric Biggers) \n- vringh: fix __vringh_iov() when riov and wiov are different (Stefano Garzarella) \n- ring-buffer: Return 0 on success from ring_buffer_resize() (Qiujun Huang) \n- 9P: Cast to loff_t before multiplying (Matthew Wilcox (Oracle)) \n- libceph: clear con->out_msg on Policy::stateful_server faults (Ilya Dryomov) \n- ceph: promote to unsigned long long before shifting (Matthew Wilcox (Oracle)) \n- drm/amdgpu: dont map BO in reserved region (Madhav Chauhan) \n- ia64: fix build error with !COREDUMP (Krzysztof Kozlowski) \n- ubi: check kthread_should_stop() after the setting of task state (Zhihao Cheng) \n- perf python scripting: Fix printable strings in python3 scripts (Jiri Olsa) \n- ubifs: dent: Fix some potential memory leaks while iterating entries (Zhihao Cheng) \n- NFSD: Add missing NFSv2 .pc_func methods (Chuck Lever) \n- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (Olga Kornievskaia) \n- powerpc/powernv/elog: Fix race while processing OPAL error log event. (Mahesh Salgaonkar) \n- powerpc: Warn about use of smt_snooze_delay (Joel Stanley) \n- powerpc/rtas: Restrict RTAS requests from userspace (Andrew Donnellan) \n- s390/stp: add locking to sysfs functions (Sven Schnelle) \n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:light:si1145: Fix timestamp alignment and prevent data leak. 
(Jonathan Cameron) \n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (Paul Cercueil) \n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) \n- drm/i915: Force VTd workarounds when running as a guest OS (Chris Wilson) \n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (Ran Wang) \n- usb: cdc-acm: fix cooldown mechanism (Jerome Brunet) \n- usb: dwc3: core: dont trigger runtime pm when remove driver (Li Jun) \n- usb: dwc3: core: add phy cleanup for probe error handling (Li Jun) \n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (Thinh Nguyen) \n- btrfs: fix use-after-free on readahead extent after failure to create it (Filipe Manana) \n- btrfs: cleanup cow block on error (Josef Bacik) \n- btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() (Denis Efremov) \n- btrfs: send, recompute reference path after orphanization of a directory (Filipe Manana) \n- btrfs: reschedule if necessary when logging directory items (Filipe Manana) \n- scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() (Helge Deller) \n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (Martin Fuzzey) \n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (Wei Huang) \n- ACPI: debug: dont allow debugging when ACPI is disabled (Jamie Iles) \n- ACPI: video: use ACPI backlight for HP 635 Notebook (Alex Hung) \n- ACPI / extlog: Check for RDMSR failure (Ben Hutchings) \n- NFS: fix nfs_path in case of a rename retry (Ashish Sangwan) \n- fs: Dont invalidate page buffers in block_write_full_page() (Jan Kara) \n- leds: bcm6328, bcm6358: use devres LED registering function (Marek Behun) \n- perf/x86/amd/ibs: Fix raw sample data accumulation (Kim Phillips) \n- perf/x86/amd/ibs: Dont include randomized bits in get_ibs_op_count() (Kim Phillips) \n- md/raid5: fix oops during stripe resizing (Song Liu) \n- nvme-rdma: fix crash when connect rejected (Chao Leng) \n- 
sgl_alloc_order: fix memory leak (Douglas Gilbert) \n- nbd: make the config put is called before the notifying the waiter (Xiubo Li) \n- ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: move PMU node out of clock controller (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings (Krzysztof Kozlowski) \n- memory: emif: Remove bogus debugfs error handling (Dan Carpenter) \n- arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes (Yoshihiro Shimoda) \n- gfs2: add validation checks for size of superblock (Anant Thazhemadam) \n- ext4: Detect already used quota file early (Jan Kara) \n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (Madhuparna Bhowmik) \n- net: 9p: initialize sun_server.sun_path to have addrs value only when addr is valid (Anant Thazhemadam) \n- clk: ti: clockdomain: fix static checker warning (Tero Kristo) \n- bnxt_en: Log unknown link speed appropriately. 
(Michael Chan) \n- md/bitmap: md_bitmap_get_counter returns wrong blocks (Zhao Heming) \n- power: supply: test_power: add missing newlines when printing parameters by sysfs (Xiongfeng Wang) \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (Diana Craciun) \n- drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values (Xie He) \n- ACPI: Add out of bounds and numa_off protections to pxm_to_node() (Jonathan Cameron) \n- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (Zhengyuan Liu) \n- uio: free uio id after uio file node is freed (Lang Dai) \n- USB: adutux: fix debugging (Oliver Neukum) \n- cpufreq: sti-cpufreq: add stih418 support (Alain Volmat) \n- kgdb: Make 'kgdbcon' work properly with 'kgdb_earlycon' (Douglas Anderson) \n- printk: reduce LOG_BUF_SHIFT range for H8300 (John Ogness) \n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Antonio Borneo) \n- mmc: via-sdmmc: Fix data race bug (Madhuparna Bhowmik) \n- media: tw5864: check status of tw5864_frameinterval_get (Tom Rix) \n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (Badhri Jagan Sridharan) \n- media: platform: Improve queue set up flow for bug fixing (Xia Jiang) \n- media: videodev2.h: RGB BT2020 and HSV are always full range (Hans Verkuil) \n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (Nadezda Lutovinova) \n- ath10k: fix VHT NSS calculation when STBC is enabled (Sathishkumar Muruganandam) \n- ath10k: start recovery process when payload length exceeds max htc length for sdio (Wen Gong) \n- video: fbdev: pvr2fb: initialize variables (Tom Rix) \n- xfs: fix realtime bitmap/summary file truncation when growing rt volume (Darrick J. 
Wong) \n- ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses (Douglas Anderson) \n- um: change sigio_spinlock to a mutex (Johannes Berg) \n- f2fs: fix to check segment boundary during SIT page readahead (Chao Yu) \n- f2fs: add trace exit in exception path (Zhang Qilong) \n- sparc64: remove mm_cpumask clearing to fix kthread_use_mm race (Nicholas Piggin) \n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (Nicholas Piggin) \n- powerpc/powernv/smp: Fix spurious DBG() warning (Oliver O Halloran) \n- futex: Fix incorrect should_fail_futex() handling (Mateusz Nosek) \n- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (Amit Cohen) \n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (Jiri Slaby) \n- fscrypt: return -EXDEV for incompatible rename or link into encrypted dir (Eric Biggers) \n- ata: sata_rcar: Fix DMA boundary mask (Geert Uytterhoeven) \n- mtd: lpddr: Fix bad logic in print_drs_error (Gustavo A. R. Silva) \n- p54: avoid accessing the data mapped to streaming DMA (Jia-Ju Bai) \n- fuse: fix page dereference after free (Miklos Szeredi) \n- x86/xen: disable Firmware First mode for correctable memory errors (Juergen Gross) \n- arch/x86/amd/ibs: Fix re-arming IBS Fetch (Kim Phillips) \n- tipc: fix memory leak caused by tipc_buf_append() (Tung Nguyen) \n- ravb: Fix bit fields checking in ravb_hwtstamp_get() (Andrew Gabbasov) \n- gtp: fix an use-before-init in gtp_newlink() (Masahiro Fujiwara) \n- efivarfs: Replace invalid slashes with exclamation marks in dentries. 
(Michael Schaller) \n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (Nick Desaulniers) \n- scripts/setlocalversion: make git describe output more reliable (Rasmus Villemoes) \n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}\n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32120118]", "edition": 2, "modified": "2021-02-16T00:00:00", "published": "2021-02-16T00:00:00", "id": "ELSA-2021-9052", "href": "http://linux.oracle.com/errata/ELSA-2021-9052.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-08T01:30:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10711", "CVE-2020-25705", "CVE-2020-14305", "CVE-2020-12464", "CVE-2020-28915", "CVE-2019-14895", "CVE-2019-19037", "CVE-2020-12652", "CVE-2019-19447", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-15436", "CVE-2019-20934"], "description": "[4.1.12-124.46.3]\n- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781859] {CVE-2019-14895} {CVE-2019-14895}\n- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265320] {CVE-2019-19037} {CVE-2019-19037}\n- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] {CVE-2020-10711}\n- scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}\n- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}\n- USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350967] {CVE-2020-12464}\n- drivers: usb: core: Minimize 
irq disabling in usb_sg_cancel() (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}\n- drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}\n- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] {CVE-2019-19447}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319] \n- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319] \n- ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000] \n- sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] {CVE-2019-20934}\n- netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] {CVE-2020-14305}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233360] {CVE-2020-14351}\n- ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133]\n[4.1.12-124.46.2]\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626] \n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993] \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] {CVE-2020-28974}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194609] {CVE-2020-15436}\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] {CVE-2020-25705}\n[4.1.12-124.46.1]\n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767] \n- KVM: x86: Manually 
flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767] \n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767] \n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767] \n- xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488] \n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] {CVE-2020-25668}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136900]", "edition": 1, "modified": "2021-01-07T00:00:00", "published": "2021-01-07T00:00:00", "id": "ELSA-2021-9002", "href": "http://linux.oracle.com/errata/ELSA-2021-9002.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-01-12T23:26:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-25705", "CVE-2020-14381", "CVE-2020-28915", "CVE-2020-29569", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-28374", "CVE-2020-25704"], "description": "[5.4.17-2036.102.0.2.el7]\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae 
Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}\n[5.4.17-2036.102.0.el7]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}\n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858]\n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418]\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069]\n- vhost scsi: Add support for LUN resets. 
(Mike Christie) [Orabug: 32167069]\n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069]\n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069]\n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069]\n- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069]\n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069]\n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069]\n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069]\n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279]\n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) 
[Orabug: 32242279]\n- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279]\n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279]\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}\n- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885]\n- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885]\n- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]\n[5.4.17-2036.101.2.el7]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053]\n- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973]\n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752]\n- 
lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752]\n- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]\n- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521]\n- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237]\n- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992]\n- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992]\n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]\n[5.4.17-2036.101.1.el7]\n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) 
[Orabug: 32161425]\n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425]\n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425]\n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425]\n- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895]\n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin()) [Orabug: 32131172] {CVE-2020-25704}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}\n- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]\n[5.4.17-2036.101.0.el7]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142]\n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142]\n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850]\n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850]\n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850]\n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850]\n- x86/clear_page: add 
clear_page_uncached() (Ankur Arora) [Orabug: 32143850]\n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]\n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]\n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]\n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]\n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]\n- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750]\n- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750]\n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472]\n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959]\n- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923]\n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247]\n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245]\n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- Revert 'UEK6 
compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]\n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971]\n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971]\n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971]\n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971]\n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971]\n- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684]\n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]\n- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845]\n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}\n- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040]\n- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040]\n- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040]\n- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040]\n- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040]\n- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148]\n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]\n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}", "edition": 2, "modified": "2021-01-12T00:00:00", "published": 
"2021-01-12T00:00:00", "id": "ELSA-2021-9007", "href": "http://linux.oracle.com/errata/ELSA-2021-9007.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-13T01:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-25705", "CVE-2019-19816", "CVE-2020-28915", "CVE-2020-29569", "CVE-2020-29368", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-29568", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-15437", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-15436", "CVE-2020-28374", "CVE-2020-25704"], "description": "[4.14.35-2025.404.1.1.el7]\n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248040]\n {CVE-2020-28374}\n[4.14.35-2025.404.1.el7]\n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260256] {CVE-2020-29569}\n[4.14.35-2025.404.0.el7]\n- vhost scsi: Add support for LUN resets. 
(Mike Christie) [Orabug: 32201584]\n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201584]\n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201584]\n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201584]\n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201584]\n[4.14.35-2025.403.5.el7]\n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210463]\n- mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() (Andrea Arcangeli) [Orabug: 32212583] {CVE-2020-29368}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233358] {CVE-2020-14351}\n[4.14.35-2025.403.4.el7]\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227961] {CVE-2020-25705}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159055]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159975]\n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159975]\n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194608] {CVE-2020-15436}\n- serial: 8250: fix null-ptr-deref in serial8250_start_tx() (Yang Yingliang) [Orabug: 32194712] {CVE-2020-15437}\n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]\n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]\n[4.14.35-2025.403.3.el7]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117]\n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117]\n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings 
(Anshuman Khandual) [Orabug: 32005117]\n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117]\n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117]\n- uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999]\n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]\n[4.14.35-2025.403.2.el7]\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}\n- vt: keyboard, extend func_buf_lock to 
readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin()) [Orabug: 32131175] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898]\n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898]\n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]\n[4.14.35-2025.403.1.el7]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561]\n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519]\n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016]\n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144]\n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]\n[4.14.35-2025.403.0.el7]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}\n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726]\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726]\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}\n- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320]\n- hv_netvsc: 
Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413]\n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843]\n- perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035]\n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095]\n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081]\n- dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352]\n- dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352]\n- dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352]\n- bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352]\n- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352]\n- bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352]\n- md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352]\n- dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352]\n- dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352]\n- md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352]\n- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352]\n- dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352]\n- dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352]\n- md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352]\n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658]\n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658]\n- x86/mce/therm_throt: Mark throttle_active_work() as 
__maybe_unused (Arnd Bergmann) [Orabug: 32010658]\n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658]\n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658]\n- jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658]\n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]\n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}\n- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855]\n- arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061]\n- hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066]\n- Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127]\n- Lock down kprobes (redux!) 
(Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127]\n- debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127]\n- debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127]\n- lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127]\n- bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127]\n- security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127]\n- net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618]\n- scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622]\n- ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740]\n- mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218]\n- mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218]\n- mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218]\n- KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898]\n- octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651]\n- octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651]\n- octeontx2-af: Free RVU NIX IRQs properly. 
(Rakesh Babu) [Orabug: 32095651]\n- octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651]\n- octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651]\n- octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651]", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "ELSA-2021-9008", "href": "http://linux.oracle.com/errata/ELSA-2021-9008.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-12-02T08:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10135", "CVE-2020-25705", "CVE-2020-27152", "CVE-2020-28915", "CVE-2020-14351", "CVE-2020-0423", "CVE-2020-4788"], "description": "It was discovered that a race condition existed in the binder IPC \nimplementation in the Linux kernel, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2020-0423)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered \nthat legacy pairing and secure-connections pairing authentication in the \nBluetooth protocol could allow an unauthenticated user to complete \nauthentication without pairing credentials via adjacent access. A \nphysically proximate attacker could use this to impersonate a previously \npaired Bluetooth device. (CVE-2020-10135)\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nKeyu Man discovered that the ICMP global rate limiter in the Linux kernel \ncould be used to assist in scanning open UDP ports. 
A remote attacker could \nuse to facilitate attacks on UDP based services that depend on source port \nrandomization. (CVE-2020-25705)\n\nIt was discovered that the KVM hypervisor in the Linux kernel did not \nproperly handle interrupts in certain situations. A local attacker in a \nguest VM could possibly use this to cause a denial of service (host system \ncrash). (CVE-2020-27152)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. (CVE-2020-4788)", "edition": 1, "modified": "2020-12-02T00:00:00", "published": "2020-12-02T00:00:00", "id": "USN-4659-1", "href": "https://ubuntu.com/security/notices/USN-4659-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-14T04:48:44", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10135", "CVE-2020-25705", "CVE-2020-27152", "CVE-2020-28915", "CVE-2020-14351", "CVE-2020-0423", "CVE-2020-4788"], "description": "USN-4659-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression in the software raid10 driver \nwhen used with fstrim that could lead to data corruption. This update \nfixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that a race condition existed in the binder IPC \nimplementation in the Linux kernel, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. 
(CVE-2020-0423)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered \nthat legacy pairing and secure-connections pairing authentication in the \nBluetooth protocol could allow an unauthenticated user to complete \nauthentication without pairing credentials via adjacent access. A \nphysically proximate attacker could use this to impersonate a previously \npaired Bluetooth device. (CVE-2020-10135)\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nKeyu Man discovered that the ICMP global rate limiter in the Linux kernel \ncould be used to assist in scanning open UDP ports. A remote attacker could \nuse to facilitate attacks on UDP based services that depend on source port \nrandomization. (CVE-2020-25705)\n\nIt was discovered that the KVM hypervisor in the Linux kernel did not \nproperly handle interrupts in certain situations. A local attacker in a \nguest VM could possibly use this to cause a denial of service (host system \ncrash). (CVE-2020-27152)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. 
(CVE-2020-4788)", "edition": 1, "modified": "2020-12-13T00:00:00", "published": "2020-12-13T00:00:00", "id": "USN-4659-2", "href": "https://ubuntu.com/security/notices/USN-4659-2", "title": "Linux kernel regression", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-14T04:47:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-4788"], "description": "USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression in the software raid10 driver \nwhen used with fstrim that could lead to data corruption. This update \nfixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel \ndid not properly handle some edge cases in software scrollback. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the \nLinux kernel did not properly perform bounds checking in some situations. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux \nkernel did not properly perform privilege checks for access to rbd devices \nin some situations. A local attacker could use this to map or unmap rbd \nblock devices. 
(CVE-2020-25284)\n\nIt was discovered that a race condition existed in the hugetlb sysctl \nimplementation in the Linux kernel. A privileged attacker could use this to \ncause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly handle zero-length requests. A local attacker could use this \nto cause a denial of service. (CVE-2020-25641)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did \nnot properly validate input in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel \nwhen combined with IPSec did not properly select IP routes in some \nsituations. An attacker could use this to expose sensitive information \n(unencrypted network traffic). (CVE-2020-25645)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. 
(CVE-2020-4788)", "edition": 1, "modified": "2020-12-13T00:00:00", "published": "2020-12-13T00:00:00", "id": "USN-4660-2", "href": "https://ubuntu.com/security/notices/USN-4660-2", "title": "Linux kernel regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-12-03T06:41:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-4788"], "description": "It was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel \ndid not properly handle some edge cases in software scrollback. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the \nLinux kernel did not properly perform bounds checking in some situations. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux \nkernel did not properly perform privilege checks for access to rbd devices \nin some situations. A local attacker could use this to map or unmap rbd \nblock devices. (CVE-2020-25284)\n\nIt was discovered that a race condition existed in the hugetlb sysctl \nimplementation in the Linux kernel. A privileged attacker could use this to \ncause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly handle zero-length requests. 
A local attacker could use this \nto cause a denial of service. (CVE-2020-25641)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did \nnot properly validate input in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel \nwhen combined with IPSec did not properly select IP routes in some \nsituations. An attacker could use this to expose sensitive information \n(unencrypted network traffic). (CVE-2020-25645)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. (CVE-2020-4788)", "edition": 1, "modified": "2020-12-03T00:00:00", "published": "2020-12-03T00:00:00", "id": "USN-4660-1", "href": "https://ubuntu.com/security/notices/USN-4660-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-12-04T02:53:23", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10135", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-0423", "CVE-2020-4788"], "description": "It was discovered that a race condition existed in the binder IPC \nimplementation in the Linux kernel, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. 
(CVE-2020-0423)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered \nthat legacy pairing and secure-connections pairing authentication in the \nBluetooth protocol could allow an unauthenticated user to complete \nauthentication without pairing credentials via adjacent access. A \nphysically proximate attacker could use this to impersonate a previously \npaired Bluetooth device. (CVE-2020-10135)\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel \ndid not properly handle some edge cases in software scrollback. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the \nLinux kernel did not properly perform bounds checking in some situations. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux \nkernel did not properly perform privilege checks for access to rbd devices \nin some situations. A local attacker could use this to map or unmap rbd \nblock devices. (CVE-2020-25284)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did \nnot properly validate input in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel \nwhen combined with IPSec did not properly select IP routes in some \nsituations. 
An attacker could use this to expose sensitive information \n(unencrypted network traffic). (CVE-2020-25645)\n\nKeyu Man discovered that the ICMP global rate limiter in the Linux kernel \ncould be used to assist in scanning open UDP ports. A remote attacker could \nuse to facilitate attacks on UDP based services that depend on source port \nrandomization. (CVE-2020-25705)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. (CVE-2020-4788)", "edition": 2, "modified": "2020-12-03T00:00:00", "published": "2020-12-03T00:00:00", "id": "USN-4658-1", "href": "https://ubuntu.com/security/notices/USN-4658-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-12-14T04:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10135", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-0423", "CVE-2020-4788"], "description": "USN-4658-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression in the software raid10 driver \nwhen used with fstrim that could lead to data corruption. This update \nfixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that a race condition existed in the binder IPC \nimplementation in the Linux kernel, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. 
(CVE-2020-0423)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered \nthat legacy pairing and secure-connections pairing authentication in the \nBluetooth protocol could allow an unauthenticated user to complete \nauthentication without pairing credentials via adjacent access. A \nphysically proximate attacker could use this to impersonate a previously \npaired Bluetooth device. (CVE-2020-10135)\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel \ndid not properly handle some edge cases in software scrollback. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the \nLinux kernel did not properly perform bounds checking in some situations. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux \nkernel did not properly perform privilege checks for access to rbd devices \nin some situations. A local attacker could use this to map or unmap rbd \nblock devices. (CVE-2020-25284)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did \nnot properly validate input in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel \nwhen combined with IPSec did not properly select IP routes in some \nsituations. 
An attacker could use this to expose sensitive information \n(unencrypted network traffic). (CVE-2020-25645)\n\nKeyu Man discovered that the ICMP global rate limiter in the Linux kernel \ncould be used to assist in scanning open UDP ports. A remote attacker could \nuse this to facilitate attacks on UDP based services that depend on source port \nrandomization. (CVE-2020-25705)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. (CVE-2020-4788)", "edition": 1, "modified": "2020-12-13T00:00:00", "published": "2020-12-13T00:00:00", "id": "USN-4658-2", "href": "https://ubuntu.com/security/notices/USN-4658-2", "title": "Linux kernel regression", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-12-02T08:38:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-10135", "CVE-2020-25645", "CVE-2020-25705", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-0427", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-12352", "CVE-2020-4788"], "description": "Elena Petrova discovered that the pin controller device tree implementation \nin the Linux kernel did not properly handle string references. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-0427)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered \nthat legacy pairing and secure-connections pairing authentication in the \nBluetooth protocol could allow an unauthenticated user to complete \nauthentication without pairing credentials via adjacent access.
A \nphysically proximate attacker could use this to impersonate a previously \npaired Bluetooth device. (CVE-2020-10135)\n\nAndy Nguyen discovered that the Bluetooth A2MP implementation in the Linux \nkernel did not properly initialize memory in some situations. A physically \nproximate remote attacker could use this to expose sensitive information \n(kernel memory). (CVE-2020-12352)\n\nIt was discovered that a race condition existed in the perf subsystem of \nthe Linux kernel, leading to a use-after-free vulnerability. An attacker \nwith access to the perf subsystem could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel \ndid not properly handle some edge cases in software scrollback. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the \nLinux kernel did not properly perform bounds checking in some situations. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux \nkernel did not properly perform privilege checks for access to rbd devices \nin some situations. A local attacker could use this to map or unmap rbd \nblock devices. (CVE-2020-25284)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did \nnot properly validate input in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel \nwhen combined with IPSec did not properly select IP routes in some \nsituations. An attacker could use this to expose sensitive information \n(unencrypted network traffic). 
(CVE-2020-25645)\n\nKeyu Man discovered that the ICMP global rate limiter in the Linux kernel \ncould be used to assist in scanning open UDP ports. A remote attacker could \nuse this to facilitate attacks on UDP based services that depend on source port \nrandomization. (CVE-2020-25705)\n\nIt was discovered that the framebuffer implementation in the Linux kernel \ndid not properly perform range checks in certain situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose \ninformation from the L1 cache in certain situations. A local attacker could \nuse this to expose sensitive information. (CVE-2020-4788)", "edition": 1, "modified": "2020-12-02T00:00:00", "published": "2020-12-02T00:00:00", "id": "USN-4657-1", "href": "https://ubuntu.com/security/notices/USN-4657-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}], "cloudfoundry": [{"lastseen": "2021-02-11T05:28:37", "bulletinFamily": "software", "cvelist": ["CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-4788"], "description": "## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nUSN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This update fixes the problem.\n\nOriginal advisory details:\n\nIt was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284)\n\nIt was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645)\n\nIt was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * Xenial Stemcells \n * 315.x versions prior to 315.204\n * 456.x versions prior to 456.131\n * 621.x versions prior to 621.95\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.204 or greater\n * Upgrade 456.x versions to 456.131 or greater\n * Upgrade 621.x versions to 621.95 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4660-2/>)\n\n## History\n\n2021-02-10: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-02-10T00:00:00", "published": "2021-02-10T00:00:00", "id": "CFOUNDRY:8CFF4A0AF748B0C857C01324EB35B6D4", "href": "https://www.cloudfoundry.org/blog/usn-4660-2/", "title": "USN-4660-2: Linux kernel regression | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-13T05:39:38", "bulletinFamily": "software", "cvelist": ["CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25211", "CVE-2020-28915", "CVE-2020-25284", "CVE-2020-14390", "CVE-2020-14351", "CVE-2020-4788"], "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nIt was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. 
An attacker with access to the perf subsystem could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14351)\n\nIt was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-14390)\n\nIt was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25211)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. (CVE-2020-25284)\n\nIt was discovered that a race condition existed in the hugetlb sysctl implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2020-25285)\n\nIt was discovered that the block layer subsystem in the Linux kernel did not properly handle zero-length requests. A local attacker could use this to cause a denial of service. (CVE-2020-25641)\n\nIt was discovered that the HDLC PPP implementation in the Linux kernel did not properly validate input in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25643)\n\nIt was discovered that the GENEVE tunnel implementation in the Linux kernel when combined with IPSec did not properly select IP routes in some situations. An attacker could use this to expose sensitive information (unencrypted network traffic). (CVE-2020-25645)\n\nIt was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. 
A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28915)\n\nIt was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788)\n\nCVEs contained in this USN include: CVE-2020-25285, CVE-2020-25641, CVE-2020-28915, CVE-2020-4788, CVE-2020-14351, CVE-2020-25284, CVE-2020-25211, CVE-2020-25645, CVE-2020-25643, CVE-2020-14390.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 315.x versions prior to 315.203\n * 456.x versions prior to 456.130\n * 621.x versions prior to 621.94\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.203 or greater\n * Upgrade 456.x versions to 456.130 or greater\n * Upgrade 621.x versions to 621.94 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4660-1/>)\n * [CVE-2020-25285](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25285>)\n * [CVE-2020-25641](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25641>)\n * [CVE-2020-28915](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28915>)\n * [CVE-2020-4788](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-4788>)\n * [CVE-2020-14351](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14351>)\n * [CVE-2020-25284](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25284>)\n * [CVE-2020-25211](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25211>)\n * 
[CVE-2020-25645](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25645>)\n * [CVE-2020-25643](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-25643>)\n * [CVE-2020-14390](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-14390>)\n\n## History\n\n2021-01-13: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-01-12T00:00:00", "published": "2021-01-12T00:00:00", "id": "CFOUNDRY:3B00E04C67EFB83F5D044A76DD92B52C", "href": "https://www.cloudfoundry.org/blog/usn-4660-1/", "title": "USN-4660-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}], "debian": [{"lastseen": "2021-02-02T13:14:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-0427", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 18, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.246-2\nCVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 \n CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-0427\n\n Elena Petrova reported a bug in the pinctrl subsystem that can\n lead to a use-after-free after a device is renamed. 
The security\n impact of this is unclear.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25645\n\n A flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec.
If IPsec is\n configured to encrypt traffic for the specific UDP port used by the\n GENEVE tunnel, tunneled data isn't correctly routed over the\n encrypted link and sent unencrypted instead.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing.
In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 3, "modified": "2020-12-18T12:14:21", "published": "2020-12-18T12:14:21", "id": "DEBIAN:DLA-2494-1:12C95", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00027.html", "title": "[SECURITY] [DLA 
2494-1] linux security update", "type": "debian", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-02-13T01:18:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2019-19770", "CVE-2020-27675", "CVE-2019-19816", "CVE-2019-19039", "CVE-2020-25669", "CVE-2020-28941", "CVE-2019-19377", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-0423", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2483-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 05, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.160-2~deb9u1\nCVE ID : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816\n CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656\n CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705\n CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974\nDebian Bug : 949863 968623 971058\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2019-19039\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n assertion failure (WARN). A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash) if the panic_on_warn kernel parameter is set.\n\nCVE-2019-19377\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to a\n use-after-free. 
A user permitted to mount and access arbitrary\n filesystems could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2019-19770\n\n The syzbot tool discovered a race condition in the block I/O\n tracer (blktrace) that could lead to a system crash. Since\n blktrace can only be controlled by privileged users, the security\n impact of this is unclear.\n\nCVE-2019-19816\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n out-of-bounds write. A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-0423\n\n A race condition was discovered in the Android binder driver, that\n could result in a use-after-free. On systems using this driver, a\n local user could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. 
A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access performance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing.
In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28941\n\n Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen\n reader subsystem. Speakup assumed that it would only be bound to\n one terminal (tty) device at a time, but did not enforce this. A\n local user could exploit this bug to cause a denial of service\n (crash or memory exhaustion).\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. 
A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.160-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 3, "modified": "2020-12-10T11:55:59", "published": "2020-12-10T11:55:59", "id": "DEBIAN:DLA-2483-1:37DA1", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00015.html", "title": "[SECURITY] [DLA 2483-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-01-15T01:28:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. 
([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit so that causing Use After Free. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nA flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. 
A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2021-01-12T22:51:00", "published": "2021-01-12T22:51:00", "id": "ALAS-2021-1461", "href": "https://alas.aws.amazon.com/ALAS-2021-1461.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-19T03:32:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], 
"description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in the Linux kernel: access to the global variable fg_console is not properly synchronized, leading to a use-after-free in con_font_op. ([CVE-2020-25668](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit may have been scheduled by sunkbd_interrupt before the struct sunkbd is freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit, thus causing a UAF. ([CVE-2020-25669](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. 
A local user could use this flaw to starve resources, causing a denial of service. ([CVE-2020-25704](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. ([CVE-2020-27777](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. 
([CVE-2020-28974](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL). A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n 
\n", "edition": 1, "modified": "2020-12-16T20:31:00", "published": "2020-12-16T20:31:00", "id": "ALAS-2020-1462", "href": "https://alas.aws.amazon.com/ALAS-2020-1462.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-23T15:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in the Linux kernel: access to the global variable fg_console is not properly synchronized, leading to a use-after-free in con_font_op. 
([CVE-2020-25668](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit may have been scheduled by sunkbd_interrupt before sunkbd is freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit, which causes a use-after-free. ([CVE-2020-25669](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve resources, causing a denial of service. ([CVE-2020-25704](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. \nThis issue impacts guests running on top of PowerVM or KVM hypervisors (pseries platform), and does *not* impact bare-metal machines (powernv platform). ([CVE-2020-27777](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. 
Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL). A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.209-160.335.amzn2.aarch64 \n kernel-headers-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.209-160.335.amzn2.aarch64 \n perf-4.14.209-160.335.amzn2.aarch64 \n perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n python-perf-4.14.209-160.335.amzn2.aarch64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-4.14.209-160.335.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.209-160.335.amzn2.i686 \n \n src: \n kernel-4.14.209-160.335.amzn2.src \n \n x86_64: \n kernel-4.14.209-160.335.amzn2.x86_64 \n kernel-headers-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-160.335.amzn2.x86_64 \n perf-4.14.209-160.335.amzn2.x86_64 \n perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n python-perf-4.14.209-160.335.amzn2.x86_64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-livepatch-4.14.209-160.335-1.0-0.amzn2.x86_64 \n \n \n", "edition": 2, "modified": "2020-12-08T20:55:00", "published": "2020-12-08T20:55:00", "id": "ALAS2-2020-1566", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}