Vulnerabilities > CVE-2014-3610

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
canonical
debian
opensuse
suse
nessus

Summary

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

Vulnerable Configurations

Part Description Count
OS
Linux
2158
OS
Canonical
2
OS
Debian
1
OS
Opensuse
1
OS
Suse
1

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-1272.NASL
    descriptionThe remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id85097
    published2015-07-30
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/85097
    titleOracle Linux 6 : kernel (ELSA-2015-1272)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2015-1272.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85097);
      script_version("2.3");
      script_cvs_date("Date: 2018/09/17 21:46:53");
    
      script_cve_id(
        "CVE-2011-5321",
        "CVE-2012-6657",
        "CVE-2014-3184",
        "CVE-2014-3185",
        "CVE-2014-3215",
        "CVE-2014-3610",
        "CVE-2014-3611",
        "CVE-2014-3645",
        "CVE-2014-3646",
        "CVE-2014-3673",
        "CVE-2014-3687",
        "CVE-2014-3688",
        "CVE-2014-3690",
        "CVE-2014-3940",
        "CVE-2014-4652",
        "CVE-2014-4656",
        "CVE-2014-5471",
        "CVE-2014-5472",
        "CVE-2014-6410",
        "CVE-2014-7822",
        "CVE-2014-7825",
        "CVE-2014-7826",
        "CVE-2014-7841",
        "CVE-2014-8133",
        "CVE-2014-8159",
        "CVE-2014-8369",
        "CVE-2014-8709",
        "CVE-2014-8884",
        "CVE-2014-9322",
        "CVE-2014-9419",
        "CVE-2014-9420",
        "CVE-2014-9529",
        "CVE-2014-9584",
        "CVE-2014-9585",
        "CVE-2014-9683",
        "CVE-2015-0239",
        "CVE-2015-1593",
        "CVE-2015-1805",
        "CVE-2015-2830",
        "CVE-2015-2922",
        "CVE-2015-3331",
        "CVE-2015-3339",
        "CVE-2015-3636"
      );
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2015-1272)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Oracle Linux host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Oracle Linux host is missing a security update for one or
    more kernel-related packages.");
      script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-July/005242.html");
      script_set_attribute(attribute:"solution", value:"Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"kernel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-573.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-141202.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).
    last seen2020-06-05
    modified2014-12-26
    plugin id80249
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80249
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80249);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4398", "CVE-2013-2889", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-7263", "CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-4508", "CVE-2014-4608", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
    fix various bugs and security issues.
    
    The following security bugs have been fixed :
    
      - The __request_module function in kernel/kmod.c in the
        Linux kernel before 3.4 did not set a certain killable
        attribute, which allowed local users to cause a denial
        of service (memory consumption) via a crafted
        application. (bnc#779488). (CVE-2012-4398)
    
      - drivers/hid/hid-zpff.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_ZEROPLUS is enabled, allowed physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted device.
        (bnc#835839). (CVE-2013-2889)
    
      - The Human Interface Device (HID) subsystem in the Linux
        kernel through 3.11, when CONFIG_LOGITECH_FF,
        CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
        allowed physically proximate attackers to cause a denial
        of service (heap-based out-of-bounds write) via a
        crafted device, related to (1) drivers/hid/hid-lgff.c,
        (2) drivers/hid/hid-lg3ff.c, and (3)
        drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893)
    
      - Multiple array index errors in
        drivers/hid/hid-multitouch.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through 3.11,
        when CONFIG_HID_MULTITOUCH is enabled, allowed
        physically proximate attackers to cause a denial of
        service (heap memory corruption, or NULL pointer
        dereference and OOPS) via a crafted device.
        (bnc#835839). (CVE-2013-2897)
    
      - drivers/hid/hid-picolcd_core.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through 3.11,
        when CONFIG_HID_PICOLCD is enabled, allowed physically
        proximate attackers to cause a denial of service (NULL
        pointer dereference and OOPS) via a crafted device.
        (bnc#835839). (CVE-2013-2899)
    
      - The Linux kernel before 3.12.4 updates certain length
        values before ensuring that associated data structures
        have been initialized, which allowed local users to
        obtain sensitive information from kernel stack memory
        via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
        call, related to net/ipv4/ping.c, net/ipv4/raw.c,
        net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
        (bnc#853040, bnc#857643). (CVE-2013-7263)
    
      - Multiple stack-based buffer overflows in the
        magicmouse_raw_event function in
        drivers/hid/hid-magicmouse.c in the Magic Mouse HID
        driver in the Linux kernel through 3.16.3 allowed
        physically proximate attackers to cause a denial of
        service (system crash) or possibly execute arbitrary
        code via a crafted device that provides a large amount
        of (1) EHCI or (2) XHCI data associated with an event.
        (bnc#896382). (CVE-2014-3181)
    
      - The report_fixup functions in the HID subsystem in the
        Linux kernel before 3.16.2 allowed physically proximate
        attackers to cause a denial of service (out-of-bounds
        write) via a crafted device that provides a small report
        descriptor, related to (1) drivers/hid/hid-cherry.c, (2)
        drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)
        drivers/hid/hid-monterey.c, (5)
        drivers/hid/hid-petalynx.c, and (6)
        drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184)
    
      - Multiple buffer overflows in the
        command_port_read_callback function in
        drivers/usb/serial/whiteheat.c in the Whiteheat USB
        Serial Driver in the Linux kernel before 3.16.2 allowed
        physically proximate attackers to execute arbitrary code
        or cause a denial of service (memory corruption and
        system crash) via a crafted device that provides a large
        amount of (1) EHCI or (2) XHCI data associated with a
        bulk response. (bnc#896391). (CVE-2014-3185)
    
      - Buffer overflow in the picolcd_raw_event function in
        devices/hid/hid-picolcd_core.c in the PicoLCD HID device
        driver in the Linux kernel through 3.16.3, as used in
        Android on Nexus 7 devices, allowed physically proximate
        attackers to cause a denial of service (system crash) or
        possibly execute arbitrary code via a crafted device
        that sends a large report. (bnc#896392). (CVE-2014-3186)
    
      - The kvm_iommu_map_pages function in virt/kvm/iommu.c in
        the Linux kernel through 3.16.1 miscalculated the number
        of pages during the handling of a mapping failure, which
        allowed guest OS users to (1) cause a denial of service
        (host OS memory corruption) or possibly have unspecified
        other impact by triggering a large gfn value or (2)
        cause a denial of service (host OS memory consumption)
        by triggering a small gfn value that leads to
        permanently pinned pages. (bnc#892782). (CVE-2014-3601)
    
      - The WRMSR processing functionality in the KVM subsystem
        in the Linux kernel through 3.17.2 did not properly
        handle the writing of a non-canonical address to a
        model-specific register, which allowed guest OS users to
        cause a denial of service (host OS crash) by leveraging
        guest OS privileges, related to the wrmsr_interception
        function in arch/x86/kvm/svm.c and the handle_wrmsr
        function in arch/x86/kvm/vmx.c. (bnc#899192).
        (CVE-2014-3610)
    
      - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
        kernel through 3.17.2 did not have an exit handler for
        the INVVPID instruction, which allowed guest OS users to
        cause a denial of service (guest OS crash) via a crafted
        application. (bnc#899192). (CVE-2014-3646)
    
      - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
        kernel through 3.17.2 did not properly perform RIP
        changes, which allowed guest OS users to cause a denial
        of service (guest OS crash) via a crafted application.
        (bnc#899192). (CVE-2014-3647)
    
      - The SCTP implementation in the Linux kernel through
        3.17.2 allowed remote attackers to cause a denial of
        service (system crash) via a malformed ASCONF chunk,
        related to net/sctp/sm_make_chunk.c and
        net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349).
        (CVE-2014-3673)
    
      - arch/x86/kernel/entry_32.S in the Linux kernel through
        3.15.1 on 32-bit x86 platforms, when syscall auditing is
        enabled and the sep CPU feature flag is set, allowed
        local users to cause a denial of service (OOPS and
        system crash) via an invalid syscall number, as
        demonstrated by number 1000. (bnc#883724).
        (CVE-2014-4508)
    
      - * DISPUTED * Multiple integer overflows in the
        lzo1x_decompress_safe function in
        lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor
        in the Linux kernel before 3.15.2 allowed
        context-dependent attackers to cause a denial of service
        (memory corruption) via a crafted Literal Run. NOTE: the
        author of the LZO algorithms says: The Linux kernel is
        not affected; media hype. (bnc#883948). (CVE-2014-4608)
    
      - kernel/trace/trace_syscalls.c in the Linux kernel
        through 3.17.2 did not properly handle private syscall
        numbers during use of the ftrace subsystem, which
        allowed local users to gain privileges or cause a denial
        of service (invalid pointer dereference) via a crafted
        application. (bnc#904013). (CVE-2014-7826)
    
      - An SCTP server doing ASCONF would panic on malformed
        INIT ping-of-death. (bnc#905100). (CVE-2014-7841)
    
      - The ieee80211_fragment function in net/mac80211/tx.c in
        the Linux kernel before 3.13.5 did not properly maintain
        a certain tail pointer, which allowed remote attackers
        to obtain sensitive cleartext information by reading
        packets. (bnc#904700). (CVE-2014-8709)
    
      - A local user with write access could have used this flaw
        to crash the kernel or elevate privileges (bnc#905522).
        The following non-security bugs have been fixed:.
        (CVE-2014-8884)
    
      - Build the KOTD against the SP3 Update project
    
      - HID: fix kabi breakage.
    
      - NFS: Provide stub nfs_fscache_wait_on_invalidate() for
        when CONFIG_NFS_FSCACHE=n.
    
      - NFS: fix inverted test for delegation in
        nfs4_reclaim_open_state. (bnc#903331)
    
      - NFS: remove incorrect Lock reclaim failed! warning.
        (bnc#903331)
    
      - NFSv4: nfs4_open_done first must check that GETATTR
        decoded a file type. (bnc#899574)
    
      - PCI: pciehp: Clear Data Link Layer State Changed during
        init. (bnc#898295)
    
      - PCI: pciehp: Enable link state change notifications.
        (bnc#898295)
    
      - PCI: pciehp: Handle push button event asynchronously.
        (bnc#898295)
    
      - PCI: pciehp: Make check_link_active() non-static.
        (bnc#898295)
    
      - PCI: pciehp: Use link change notifications for hot-plug
        and removal. (bnc#898295)
    
      - PCI: pciehp: Use per-slot workqueues to avoid deadlock.
        (bnc#898295)
    
      - PCI: pciehp: Use symbolic constants, not hard-coded
        bitmask. (bnc#898295)
    
      - PM / hibernate: Iterate over set bits instead of PFNs in
        swsusp_free(). (bnc#860441)
    
      - be2net: Fix invocation of be_close() after be_clear().
        (bnc#895468)
    
      - block: Fix bogus partition statistics reports.
        (bnc#885077 / bnc#891211)
    
      - block: Fix computation of merged request priority.
    
      - btrfs: Fix wrong device size when we are resizing the
        device.
    
      - btrfs: Return right extent when fiemap gives unaligned
        offset and len.
    
      - btrfs: abtract out range locking in clone ioctl().
    
      - btrfs: always choose work from prio_head first.
    
      - btrfs: balance delayed inode updates.
    
      - btrfs: cache extent states in defrag code path.
    
      - btrfs: check file extent type before anything else.
        (bnc#897694)
    
      - btrfs: clone, do not create invalid hole extent map.
    
      - btrfs: correctly determine if blocks are shared in
        btrfs_compare_trees.
    
      - btrfs: do not bug_on if we try to cow a free space cache
        inode.
    
      - btrfs: ensure btrfs_prev_leaf does not miss 1 item.
    
      - btrfs: ensure readers see new data after a clone
        operation.
    
      - btrfs: fill_holes: Fix slot number passed to
        hole_mergeable() call.
    
      - btrfs: filter invalid arg for btrfs resize.
    
      - btrfs: fix EINVAL checks in btrfs_clone.
    
      - btrfs: fix EIO on reading file after ioctl clone works
        on it.
    
      - btrfs: fix a crash of clone with inline extents split.
    
      - btrfs: fix crash of compressed writes. (bnc#898375)
    
      - btrfs: fix crash when starting transaction.
    
      - btrfs: fix deadlock with nested trans handles.
    
      - btrfs: fix hang on error (such as ENOSPC) when writing
        extent pages.
    
      - btrfs: fix leaf corruption after __btrfs_drop_extents.
    
      - btrfs: fix race between balance recovery and root
        deletion.
    
      - btrfs: fix wrong extent mapping for DirectIO.
    
      - btrfs: handle a missing extent for the first file
        extent.
    
      - btrfs: limit delalloc pages outside of
        find_delalloc_range. (bnc#898375)
    
      - btrfs: read lock extent buffer while walking backrefs.
    
      - btrfs: remove unused wait queue in struct extent_buffer.
    
      - btrfs: replace EINVAL with ERANGE for resize when
        ULLONG_MAX.
    
      - btrfs: replace error code from btrfs_drop_extents.
    
      - btrfs: unlock extent and pages on error in
        cow_file_range.
    
      - btrfs: unlock inodes in correct order in clone ioctl.
    
      - btrfs_ioctl_clone: Move clone code into its own
        function.
    
      - cifs: delay super block destruction until all
        cifsFileInfo objects are gone. (bnc#903653)
    
      - drm/i915: Flush the PTEs after updating them before
        suspend. (bnc#901638)
    
      - drm/i915: Undo gtt scratch pte unmapping again.
        (bnc#901638)
    
      - ext3: return 32/64-bit dir name hash according to usage
        type. (bnc#898554)
    
      - ext4: return 32/64-bit dir name hash according to usage
        type. (bnc#898554)
    
      - fix: use after free of xfs workqueues. (bnc#894895)
    
      - fs: add new FMODE flags: FMODE_32bithash and
        FMODE_64bithash. (bnc#898554)
    
      - futex: Ensure get_futex_key_refs() always implies a
        barrier (bnc#851603 (futex scalability series)).
    
      - futex: Fix a race condition between REQUEUE_PI and task
        death (bnc#851603 (futex scalability series)).
    
      - ipv6: add support of peer address. (bnc#896415)
    
      - ipv6: fix a refcnt leak with peer addr. (bnc#896415)
    
      - megaraid_sas: Disable fastpath writes for non-RAID0.
        (bnc#897502)
    
      - mm: change __remove_pages() to call
        release_mem_region_adjustable(). (bnc#891790)
    
      - netxen: Fix link event handling. (bnc#873228)
    
      - netxen: fix link notification order. (bnc#873228)
    
      - nfsd: rename int access to int may_flags in nfsd_open().
        (bnc#898554)
    
      - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes).
        (bnc#898554)
    
      - ocfs2: fix NULL pointer dereference in
        ocfs2_duplicate_clusters_by_page. (bnc#899843)
    
      - powerpc: Add smp_mb() to arch_spin_is_locked()
        (bsc#893758).
    
      - powerpc: Add smp_mb()s to arch_spin_unlock_wait()
        (bsc#893758).
    
      - powerpc: Add support for the optimised lockref
        implementation (bsc#893758).
    
      - powerpc: Implement arch_spin_is_locked() using
        arch_spin_value_unlocked() (bsc#893758).
    
      - refresh patches.xen/xen-blkback-multi-page-ring
        (bnc#897708)).
    
      - remove filesize checks for sync I/O journal commit.
        (bnc#800255)
    
      - resource: add __adjust_resource() for internal use.
        (bnc#891790)
    
      - resource: add release_mem_region_adjustable().
        (bnc#891790)
    
      - revert PM / Hibernate: Iterate over set bits instead of
        PFNs in swsusp_free(). (bnc#860441)
    
      - rpm/mkspec: Generate specfiles according to Factory
        requirements.
    
      - rpm/mkspec: Generate a per-architecture per-package
        _constraints file
    
      - sched: Fix unreleased llc_shared_mask bit during CPU
        hotplug. (bnc#891368)
    
      - scsi_dh_alua: disable ALUA handling for non-disk
        devices. (bnc#876633)
    
      - usb: Do not re-read descriptors for wired devices in
        usb_authorize_device(). (bnc#904358)
    
      - usbback: Do not access request fields in shared ring
        more than once.
    
      - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL.
        (bnc#888607)
    
      - vfs,proc: guarantee unique inodes in /proc. (bnc#868049)
    
      - x86, cpu hotplug: Fix stack frame warning
        incheck_irq_vectors_for_cpu_disable(). (bnc#887418)
    
      - x86, ioremap: Speed up check for RAM pages (Boot time
        optimisations (bnc#895387)).
    
      - x86: Add check for number of available vectors before
        CPU down. (bnc#887418)
    
      - x86: optimize resource lookups for ioremap (Boot time
        optimisations (bnc#895387)).
    
      - x86: use optimized ioresource lookup in ioremap function
        (Boot time optimisations (bnc#895387)).
    
      - xfs: Do not free EFIs before the EFDs are committed
        (bsc#755743).
    
      - xfs: Do not reference the EFI after it is freed
        (bsc#755743).
    
      - xfs: fix cil push sequence after log recovery
        (bsc#755743).
    
      - zcrypt: support for extended number of ap domains
        (bnc#894058, LTC#117041).
    
      - zcrypt: toleration of new crypto adapter hardware
        (bnc#894058, LTC#117041)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=755743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=779488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=800255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=857643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=868049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=873228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=893758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=901638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=903331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=903653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=905100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=905522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4398.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2889.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2899.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7263.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3181.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3184.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3185.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3186.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3601.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3610.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3646.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3647.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3673.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4508.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4608.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-7826.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-7841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-8709.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-8884.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 10037 / 10040 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-13773.NASL
    descriptionMore KVM CVE fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-10-29
    plugin id78716
    published2014-10-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78716
    titleFedora 20 : kernel-3.16.6-203.fc20 (2014-13773)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-13773.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78716);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3646", "CVE-2014-8369");
      script_bugtraq_id(70742, 70743, 70745, 70749);
      script_xref(name:"FEDORA", value:"2014-13773");
    
      script_name(english:"Fedora 20 : kernel-3.16.6-203.fc20 (2014-13773)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "More KVM CVE fixes.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1156518"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/141478.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a2236341"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"kernel-3.16.6-203.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14126.NASL
    descriptionLinux v3.17.2. A wide variety of fixes across the tree. Even more KVM CVE fixes CVE fixes for KVM and SCTP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-03
    plugin id78814
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78814
    titleFedora 21 : kernel-3.17.2-300.fc21 (2014-14126)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-14126.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78814);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-8369", "CVE-2014-8480", "CVE-2014-8481");
      script_bugtraq_id(70691, 70710, 70712, 70742, 70743, 70745, 70749, 70766, 70768);
      script_xref(name:"FEDORA", value:"2014-14126");
    
      script_name(english:"Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Linux v3.17.2. A wide variety of fixes across the tree. Even more KVM
    CVE fixes CVE fixes for KVM and SCTP.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1144883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1147850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1153322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1155745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1156518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1156615"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142663.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7f9fb363"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"kernel-3.17.2-300.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2417-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3645) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) A flaw was discovered in how the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79433
    published2014-11-25
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79433
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2417-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79433);
      script_version("1.15");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975");
      script_bugtraq_id(68214, 70314, 70691, 70742, 70743, 70745, 70746, 70748, 70766, 70867, 70883);
      script_xref(name:"USN", value:"2417-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles
    noncanonical addresses when emulating instructions that change the rip
    (Instruction Pointer). A guest user with access to I/O or the MMIO can
    use this flaw to cause a denial of service (system crash) of the
    guest. (CVE-2014-3647)
    
    A flaw was discovered with the handling of the invept instruction in
    the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An
    unprivileged guest user could exploit this flaw to cause a denial of
    service (system crash) on the guest. (CVE-2014-3646)
    
    A flaw was discovered with invept instruction support when using
    nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest
    user could exploit this flaw to cause a denial of service (system
    crash) on the guest. (CVE-2014-3645)
    
    Lars Bull reported a race condition in the PIT (programmable interrupt
    timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the
    Linux kernel. A local guest user with access to PIT i/o ports could
    exploit this flaw to cause a denial of service (crash) on the host.
    (CVE-2014-3611)
    
    Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel
    Virtual Machine) handles noncanonical writes to certain MSR registers.
    A privileged guest user can exploit this flaw to cause a denial of
    service (kernel panic) on the host. (CVE-2014-3610)
    
    A flaw in the handling of malformed ASCONF chunks by SCTP (Stream
    Control Transmission Protocol) implementation in the Linux kernel was
    discovered. A remote attacker could exploit this flaw to cause a
    denial of service (system crash). (CVE-2014-3673)
    
    A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream
    Control Transmission Protocol) implementation in the Linux kernel was
    discovered. A remote attacker could exploit this flaw to cause a
    denial of service (panic). (CVE-2014-3687)
    
    It was discovered that excessive queuing by SCTP (Stream Control
    Transmission Protocol) implementation in the Linux kernel can cause
    memory pressure. A remote attacker could exploit this flaw to cause a
    denial of service. (CVE-2014-3688)
    
    A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual
    Machine) subsystem handles the CR4 control register at VM entry on
    Intel processors. A local host OS user can exploit this to cause a
    denial of service (kill arbitrary processes, or system disruption) by
    leveraging /dev/kvm access. (CVE-2014-3690)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608)
    
    It was discovered the Linux kernel's implementation of IPv6 did not
    properly validate arguments in the ipv6_select_ident function. A local
    user could exploit this flaw to cause a denial of service (system
    crash) by leveraging tun or macvtap device access. (CVE-2014-7207)
    
    Andy Lutomirski discovered that the Linux kernel was not checking the
    CAP_SYS_ADMIN when remounting filesystems to read-only. A local user
    could exploit this flaw to cause a denial of service (loss of
    writability). (CVE-2014-7975).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2417-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2417-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic-pae", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-highbank", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-virtual", pkgver:"3.2.0-72.107")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2462-1.NASL
    descriptionLars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id80510
    published2015-01-14
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80510
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-2462-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2462-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80510);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:31");
    
      script_cve_id("CVE-2014-3610", "CVE-2014-3611");
      script_bugtraq_id(70742, 70743);
      script_xref(name:"USN", value:"2462-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-2462-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Lars Bull reported a race condition in the PIT (programmable interrupt
    timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the
    Linux kernel. A local guest user with access to PIT i/o ports could
    exploit this flaw to cause a denial of service (crash) on the host.
    (CVE-2014-3611)
    
    Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel
    Virtual Machine) handles noncanonical writes to certain MSR registers.
    A privileged guest user can exploit this flaw to cause a denial of
    service (kernel panic) on the host. (CVE-2014-3610).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2462-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-3610", "CVE-2014-3611");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2462-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-386", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-generic", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-generic-pae", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-lpia", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-preempt", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-server", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-versatile", pkgver:"2.6.32-71.138")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-71-virtual", pkgver:"2.6.32-71.138")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0869.NASL
    descriptionUpdated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id83027
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83027
    titleRHEL 5 : kvm (RHSA-2015:0869)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2395-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78765
    published2014-10-31
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78765
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2395-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-3012.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id81966
    published2015-03-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81966
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0481-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). - CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). - CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83696
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83696
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2396-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78821
    published2014-11-03
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78821
    titleUbuntu 14.10 : linux vulnerabilities (USN-2396-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-141217.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).
    last seen2020-06-05
    modified2014-12-26
    plugin id80250
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80250
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Number 10103)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (CVE-2013-2888) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2889) - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2892) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (CVE-2013-2930) - Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. (CVE-2013-4127) - The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4162) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. (CVE-2013-4343) - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. (CVE-2013-4348) - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. (CVE-2013-4350) - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. (CVE-2013-4387) - The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. (CVE-2013-4563) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (CVE-2013-4587) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (CVE-2013-6376) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (CVE-2013-6380) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (CVE-2013-6382) - Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. (CVE-2013-7026) - The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7266) - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7267) - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7268) - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7269) - The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7270) - The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7271) - Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. (CVE-2014-0049) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055) - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077) - Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. (CVE-2014-0100) - A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101) - The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. (CVE-2014-0102) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (CVE-2014-0155) - The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438) - The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. (CVE-2014-1690) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (CVE-2014-2523) - It was found that the try_to_unmap_cluster() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127146
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127146
    titleNewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1480.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124804
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124804
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3060.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service : - CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. - CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. - CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. - CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. - CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service. - CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash). This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.
    last seen2020-03-17
    modified2014-11-03
    plugin id78784
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78784
    titleDebian DSA-3060-1 : linux - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1486.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124810
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124810
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1486)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2491-1.NASL
    descriptionAndy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Andy Lutomirski discovered an information leak in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id81164
    published2015-02-04
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81164
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2491-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0040.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0040 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id82691
    published2015-04-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82691
    titleOracleVM 3.3 : kernel-uek (OVMSA-2015-0040)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0068-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes. Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. - CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local attackers could crash the machine. - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3611: A race condition flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id83665
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83665
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-230.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3645). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3646). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (CVE-2014-3673). The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (CVE-2014-3687). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application (CVE-2014-7825). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (CVE-2014-7826). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (CVE-2014-8369). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79610
    published2014-11-28
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79610
    titleMandriva Linux Security Advisory : kernel (MDVSA-2014:230)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-14068.NASL
    descriptionThe 3.14.23 stable update contains a number of important fixes across the tree. Various security fixes for KVM and SCTP Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-11-17
    plugin id79258
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79258
    titleFedora 19 : kernel-3.14.23-100.fc19 (2014-14068)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0869.NASL
    descriptionFrom Red Hat Security Advisory 2015:0869 : Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id83026
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83026
    titleOracle Linux 5 : kvm (ELSA-2015-0869)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-0869.NASL
    descriptionUpdated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id83001
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83001
    titleCentOS 5 : kvm (CESA-2015:0869)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20150422_KVM_ON_SL5_X.NASL
    descriptionIt was found that KVM
    last seen2020-03-18
    modified2015-04-23
    plugin id83029
    published2015-04-23
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83029
    titleScientific Linux Security Update : kvm on SL5.x x86_64 (20150422)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2394-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78764
    published2014-10-31
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78764
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)

Redhat

advisories
rhsa
idRHSA-2015:0869
rpms
  • kmod-kvm-0:83-270.el5_11
  • kmod-kvm-debug-0:83-270.el5_11
  • kvm-0:83-270.el5_11
  • kvm-debuginfo-0:83-270.el5_11
  • kvm-qemu-img-0:83-270.el5_11
  • kvm-tools-0:83-270.el5_11