Vulnerabilities > CVE-2014-3647

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

Vulnerable Configurations

Part Description Count
OS
Linux
2158
OS
Redhat
2
OS
Canonical
1
OS
Debian
1
OS
Opensuse
1
OS
Suse
1
OS
Oracle
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1071-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bsc#899192). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bsc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bsc#914742). - CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8 did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets (bsc#916225). - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919007). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919018). - CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow the kernel stack (bsc#922944). - CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling (bsc#926240). - CVE-2015-2922: Fixed possible denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements (bsc#922583). - CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using AESNI (bsc#927257). - CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135). - CVE-2015-3339: Fixed race condition flaw between the chown() and execve() system calls which could have lead to local privilege escalation (bsc#928130). - CVE-2015-3636: Fixed use-after-free in ping sockets which could have lead to local privilege escalation (bsc#929525). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84227
    published2015-06-17
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84227
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1071-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84227);
      script_version("2.12");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2014-3647", "CVE-2014-8086", "CVE-2014-8159", "CVE-2015-1465", "CVE-2015-2041", "CVE-2015-2042", "CVE-2015-2666", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3331", "CVE-2015-3332", "CVE-2015-3339", "CVE-2015-3636");
      script_bugtraq_id(70376, 70748, 72435, 72729, 72730, 73060, 73183, 73699, 74232, 74235, 74243, 74315, 74450);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to
    receive various security and bugfixes.
    
    Following security bugs were fixed :
    
      - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM
        subsystem in the Linux kernel through 3.17.2 did not
        properly perform RIP changes, which allowed guest OS
        users to cause a denial of service (guest OS crash) via
        a crafted application (bsc#899192).
    
      - CVE-2014-8086: Race condition in the
        ext4_file_write_iter function in fs/ext4/file.c in the
        Linux kernel through 3.17 allowed local users to cause a
        denial of service (file unavailability) via a
        combination of a write action and an F_SETFL fcntl
        operation for the O_DIRECT flag (bsc#900881).
    
      - CVE-2014-8159: The InfiniBand (IB) implementation did
        not properly restrict use of User Verbs for registration
        of memory regions, which allowed local users to access
        arbitrary physical memory locations, and consequently
        cause a denial of service (system crash) or gain
        privileges, by leveraging permissions on a uverbs device
        under /dev/infiniband/ (bsc#914742).
    
      - CVE-2015-1465: The IPv4 implementation in the Linux
        kernel before 3.18.8 did not properly consider the
        length of the Read-Copy Update (RCU) grace period for
        redirecting lookups in the absence of caching, which
        allowed remote attackers to cause a denial of service
        (memory consumption or system crash) via a flood of
        packets (bsc#916225).
    
      - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux
        kernel before 3.19 used an incorrect data type in a
        sysctl table, which allowed local users to obtain
        potentially sensitive information from kernel memory or
        possibly have unspecified other impact by accessing a
        sysctl entry (bsc#919007).
    
      - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel
        before 3.19 used an incorrect data type in a sysctl
        table, which allowed local users to obtain potentially
        sensitive information from kernel memory or possibly
        have unspecified other impact by accessing a sysctl
        entry (bsc#919018).
    
      - CVE-2015-2666: Fixed a flaw that allowed crafted
        microcode to overflow the kernel stack (bsc#922944).
    
      - CVE-2015-2830: Fixed int80 fork from 64-bit tasks
        mishandling (bsc#926240).
    
      - CVE-2015-2922: Fixed possible denial of service (DoS)
        attack against IPv6 network stacks due to improper
        handling of Router Advertisements (bsc#922583).
    
      - CVE-2015-3331: Fixed buffer overruns in RFC4106
        implementation using AESNI (bsc#927257).
    
      - CVE-2015-3332: Fixed TCP Fast Open local DoS
        (bsc#928135).
    
      - CVE-2015-3339: Fixed race condition flaw between the
        chown() and execve() system calls which could have lead
        to local privilege escalation (bsc#928130).
    
      - CVE-2015-3636: Fixed use-after-free in ping sockets
        which could have lead to local privilege escalation
        (bsc#929525).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=899192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=900881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=913232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=914742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=915540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=916225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=917125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=919018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920262"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=921769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=924809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=925567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=926156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=926240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=926314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=927455"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928135"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928141"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=928708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929525"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=929883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=930224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=930226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=930669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=930786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3647/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8086/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-8159/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1465/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2041/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2042/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2666/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2830/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2922/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3331/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3332/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3339/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3636/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151071-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ea406797"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12 :
    
    zypper in -t patch SUSE-SLE-WE-12-2015-269=1
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2015-269=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2015-269=1
    
    SUSE Linux Enterprise Module for Public Cloud 12 :
    
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-269=1
    
    SUSE Linux Enterprise Live Patching 12 :
    
    zypper in -t patch SUSE-SLE-Live-Patching-12-2015-269=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-269=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-debugsource-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-devel-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-extra-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-syms-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.43-52.6.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.43-52.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-141202.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).
    last seen2020-06-05
    modified2014-12-26
    plugin id80249
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80249
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80249);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-4398", "CVE-2013-2889", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-7263", "CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-4508", "CVE-2014-4608", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
    fix various bugs and security issues.
    
    The following security bugs have been fixed :
    
      - The __request_module function in kernel/kmod.c in the
        Linux kernel before 3.4 did not set a certain killable
        attribute, which allowed local users to cause a denial
        of service (memory consumption) via a crafted
        application. (bnc#779488). (CVE-2012-4398)
    
      - drivers/hid/hid-zpff.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_ZEROPLUS is enabled, allowed physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted device.
        (bnc#835839). (CVE-2013-2889)
    
      - The Human Interface Device (HID) subsystem in the Linux
        kernel through 3.11, when CONFIG_LOGITECH_FF,
        CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
        allowed physically proximate attackers to cause a denial
        of service (heap-based out-of-bounds write) via a
        crafted device, related to (1) drivers/hid/hid-lgff.c,
        (2) drivers/hid/hid-lg3ff.c, and (3)
        drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893)
    
      - Multiple array index errors in
        drivers/hid/hid-multitouch.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through 3.11,
        when CONFIG_HID_MULTITOUCH is enabled, allowed
        physically proximate attackers to cause a denial of
        service (heap memory corruption, or NULL pointer
        dereference and OOPS) via a crafted device.
        (bnc#835839). (CVE-2013-2897)
    
      - drivers/hid/hid-picolcd_core.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through 3.11,
        when CONFIG_HID_PICOLCD is enabled, allowed physically
        proximate attackers to cause a denial of service (NULL
        pointer dereference and OOPS) via a crafted device.
        (bnc#835839). (CVE-2013-2899)
    
      - The Linux kernel before 3.12.4 updates certain length
        values before ensuring that associated data structures
        have been initialized, which allowed local users to
        obtain sensitive information from kernel stack memory
        via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
        call, related to net/ipv4/ping.c, net/ipv4/raw.c,
        net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
        (bnc#853040, bnc#857643). (CVE-2013-7263)
    
      - Multiple stack-based buffer overflows in the
        magicmouse_raw_event function in
        drivers/hid/hid-magicmouse.c in the Magic Mouse HID
        driver in the Linux kernel through 3.16.3 allowed
        physically proximate attackers to cause a denial of
        service (system crash) or possibly execute arbitrary
        code via a crafted device that provides a large amount
        of (1) EHCI or (2) XHCI data associated with an event.
        (bnc#896382). (CVE-2014-3181)
    
      - The report_fixup functions in the HID subsystem in the
        Linux kernel before 3.16.2 allowed physically proximate
        attackers to cause a denial of service (out-of-bounds
        write) via a crafted device that provides a small report
        descriptor, related to (1) drivers/hid/hid-cherry.c, (2)
        drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)
        drivers/hid/hid-monterey.c, (5)
        drivers/hid/hid-petalynx.c, and (6)
        drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184)
    
      - Multiple buffer overflows in the
        command_port_read_callback function in
        drivers/usb/serial/whiteheat.c in the Whiteheat USB
        Serial Driver in the Linux kernel before 3.16.2 allowed
        physically proximate attackers to execute arbitrary code
        or cause a denial of service (memory corruption and
        system crash) via a crafted device that provides a large
        amount of (1) EHCI or (2) XHCI data associated with a
        bulk response. (bnc#896391). (CVE-2014-3185)
    
      - Buffer overflow in the picolcd_raw_event function in
        devices/hid/hid-picolcd_core.c in the PicoLCD HID device
        driver in the Linux kernel through 3.16.3, as used in
        Android on Nexus 7 devices, allowed physically proximate
        attackers to cause a denial of service (system crash) or
        possibly execute arbitrary code via a crafted device
        that sends a large report. (bnc#896392). (CVE-2014-3186)
    
      - The kvm_iommu_map_pages function in virt/kvm/iommu.c in
        the Linux kernel through 3.16.1 miscalculated the number
        of pages during the handling of a mapping failure, which
        allowed guest OS users to (1) cause a denial of service
        (host OS memory corruption) or possibly have unspecified
        other impact by triggering a large gfn value or (2)
        cause a denial of service (host OS memory consumption)
        by triggering a small gfn value that leads to
        permanently pinned pages. (bnc#892782). (CVE-2014-3601)
    
      - The WRMSR processing functionality in the KVM subsystem
        in the Linux kernel through 3.17.2 did not properly
        handle the writing of a non-canonical address to a
        model-specific register, which allowed guest OS users to
        cause a denial of service (host OS crash) by leveraging
        guest OS privileges, related to the wrmsr_interception
        function in arch/x86/kvm/svm.c and the handle_wrmsr
        function in arch/x86/kvm/vmx.c. (bnc#899192).
        (CVE-2014-3610)
    
      - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
        kernel through 3.17.2 did not have an exit handler for
        the INVVPID instruction, which allowed guest OS users to
        cause a denial of service (guest OS crash) via a crafted
        application. (bnc#899192). (CVE-2014-3646)
    
      - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
        kernel through 3.17.2 did not properly perform RIP
        changes, which allowed guest OS users to cause a denial
        of service (guest OS crash) via a crafted application.
        (bnc#899192). (CVE-2014-3647)
    
      - The SCTP implementation in the Linux kernel through
        3.17.2 allowed remote attackers to cause a denial of
        service (system crash) via a malformed ASCONF chunk,
        related to net/sctp/sm_make_chunk.c and
        net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349).
        (CVE-2014-3673)
    
      - arch/x86/kernel/entry_32.S in the Linux kernel through
        3.15.1 on 32-bit x86 platforms, when syscall auditing is
        enabled and the sep CPU feature flag is set, allowed
        local users to cause a denial of service (OOPS and
        system crash) via an invalid syscall number, as
        demonstrated by number 1000. (bnc#883724).
        (CVE-2014-4508)
    
      - * DISPUTED * Multiple integer overflows in the
        lzo1x_decompress_safe function in
        lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor
        in the Linux kernel before 3.15.2 allowed
        context-dependent attackers to cause a denial of service
        (memory corruption) via a crafted Literal Run. NOTE: the
        author of the LZO algorithms says: The Linux kernel is
        not affected; media hype. (bnc#883948). (CVE-2014-4608)
    
      - kernel/trace/trace_syscalls.c in the Linux kernel
        through 3.17.2 did not properly handle private syscall
        numbers during use of the ftrace subsystem, which
        allowed local users to gain privileges or cause a denial
        of service (invalid pointer dereference) via a crafted
        application. (bnc#904013). (CVE-2014-7826)
    
      - An SCTP server doing ASCONF would panic on malformed
        INIT ping-of-death. (bnc#905100). (CVE-2014-7841)
    
      - The ieee80211_fragment function in net/mac80211/tx.c in
        the Linux kernel before 3.13.5 did not properly maintain
        a certain tail pointer, which allowed remote attackers
        to obtain sensitive cleartext information by reading
        packets. (bnc#904700). (CVE-2014-8709)
    
      - A local user with write access could have used this flaw
        to crash the kernel or elevate privileges (bnc#905522).
        The following non-security bugs have been fixed:.
        (CVE-2014-8884)
    
      - Build the KOTD against the SP3 Update project
    
      - HID: fix kabi breakage.
    
      - NFS: Provide stub nfs_fscache_wait_on_invalidate() for
        when CONFIG_NFS_FSCACHE=n.
    
      - NFS: fix inverted test for delegation in
        nfs4_reclaim_open_state. (bnc#903331)
    
      - NFS: remove incorrect Lock reclaim failed! warning.
        (bnc#903331)
    
      - NFSv4: nfs4_open_done first must check that GETATTR
        decoded a file type. (bnc#899574)
    
      - PCI: pciehp: Clear Data Link Layer State Changed during
        init. (bnc#898295)
    
      - PCI: pciehp: Enable link state change notifications.
        (bnc#898295)
    
      - PCI: pciehp: Handle push button event asynchronously.
        (bnc#898295)
    
      - PCI: pciehp: Make check_link_active() non-static.
        (bnc#898295)
    
      - PCI: pciehp: Use link change notifications for hot-plug
        and removal. (bnc#898295)
    
      - PCI: pciehp: Use per-slot workqueues to avoid deadlock.
        (bnc#898295)
    
      - PCI: pciehp: Use symbolic constants, not hard-coded
        bitmask. (bnc#898295)
    
      - PM / hibernate: Iterate over set bits instead of PFNs in
        swsusp_free(). (bnc#860441)
    
      - be2net: Fix invocation of be_close() after be_clear().
        (bnc#895468)
    
      - block: Fix bogus partition statistics reports.
        (bnc#885077 / bnc#891211)
    
      - block: Fix computation of merged request priority.
    
      - btrfs: Fix wrong device size when we are resizing the
        device.
    
      - btrfs: Return right extent when fiemap gives unaligned
        offset and len.
    
      - btrfs: abtract out range locking in clone ioctl().
    
      - btrfs: always choose work from prio_head first.
    
      - btrfs: balance delayed inode updates.
    
      - btrfs: cache extent states in defrag code path.
    
      - btrfs: check file extent type before anything else.
        (bnc#897694)
    
      - btrfs: clone, do not create invalid hole extent map.
    
      - btrfs: correctly determine if blocks are shared in
        btrfs_compare_trees.
    
      - btrfs: do not bug_on if we try to cow a free space cache
        inode.
    
      - btrfs: ensure btrfs_prev_leaf does not miss 1 item.
    
      - btrfs: ensure readers see new data after a clone
        operation.
    
      - btrfs: fill_holes: Fix slot number passed to
        hole_mergeable() call.
    
      - btrfs: filter invalid arg for btrfs resize.
    
      - btrfs: fix EINVAL checks in btrfs_clone.
    
      - btrfs: fix EIO on reading file after ioctl clone works
        on it.
    
      - btrfs: fix a crash of clone with inline extents split.
    
      - btrfs: fix crash of compressed writes. (bnc#898375)
    
      - btrfs: fix crash when starting transaction.
    
      - btrfs: fix deadlock with nested trans handles.
    
      - btrfs: fix hang on error (such as ENOSPC) when writing
        extent pages.
    
      - btrfs: fix leaf corruption after __btrfs_drop_extents.
    
      - btrfs: fix race between balance recovery and root
        deletion.
    
      - btrfs: fix wrong extent mapping for DirectIO.
    
      - btrfs: handle a missing extent for the first file
        extent.
    
      - btrfs: limit delalloc pages outside of
        find_delalloc_range. (bnc#898375)
    
      - btrfs: read lock extent buffer while walking backrefs.
    
      - btrfs: remove unused wait queue in struct extent_buffer.
    
      - btrfs: replace EINVAL with ERANGE for resize when
        ULLONG_MAX.
    
      - btrfs: replace error code from btrfs_drop_extents.
    
      - btrfs: unlock extent and pages on error in
        cow_file_range.
    
      - btrfs: unlock inodes in correct order in clone ioctl.
    
      - btrfs_ioctl_clone: Move clone code into its own
        function.
    
      - cifs: delay super block destruction until all
        cifsFileInfo objects are gone. (bnc#903653)
    
      - drm/i915: Flush the PTEs after updating them before
        suspend. (bnc#901638)
    
      - drm/i915: Undo gtt scratch pte unmapping again.
        (bnc#901638)
    
      - ext3: return 32/64-bit dir name hash according to usage
        type. (bnc#898554)
    
      - ext4: return 32/64-bit dir name hash according to usage
        type. (bnc#898554)
    
      - fix: use after free of xfs workqueues. (bnc#894895)
    
      - fs: add new FMODE flags: FMODE_32bithash and
        FMODE_64bithash. (bnc#898554)
    
      - futex: Ensure get_futex_key_refs() always implies a
        barrier (bnc#851603 (futex scalability series)).
    
      - futex: Fix a race condition between REQUEUE_PI and task
        death (bnc#851603 (futex scalability series)).
    
      - ipv6: add support of peer address. (bnc#896415)
    
      - ipv6: fix a refcnt leak with peer addr. (bnc#896415)
    
      - megaraid_sas: Disable fastpath writes for non-RAID0.
        (bnc#897502)
    
      - mm: change __remove_pages() to call
        release_mem_region_adjustable(). (bnc#891790)
    
      - netxen: Fix link event handling. (bnc#873228)
    
      - netxen: fix link notification order. (bnc#873228)
    
      - nfsd: rename int access to int may_flags in nfsd_open().
        (bnc#898554)
    
      - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes).
        (bnc#898554)
    
      - ocfs2: fix NULL pointer dereference in
        ocfs2_duplicate_clusters_by_page. (bnc#899843)
    
      - powerpc: Add smp_mb() to arch_spin_is_locked()
        (bsc#893758).
    
      - powerpc: Add smp_mb()s to arch_spin_unlock_wait()
        (bsc#893758).
    
      - powerpc: Add support for the optimised lockref
        implementation (bsc#893758).
    
      - powerpc: Implement arch_spin_is_locked() using
        arch_spin_value_unlocked() (bsc#893758).
    
      - refresh patches.xen/xen-blkback-multi-page-ring
        (bnc#897708)).
    
      - remove filesize checks for sync I/O journal commit.
        (bnc#800255)
    
      - resource: add __adjust_resource() for internal use.
        (bnc#891790)
    
      - resource: add release_mem_region_adjustable().
        (bnc#891790)
    
      - revert PM / Hibernate: Iterate over set bits instead of
        PFNs in swsusp_free(). (bnc#860441)
    
      - rpm/mkspec: Generate specfiles according to Factory
        requirements.
    
      - rpm/mkspec: Generate a per-architecture per-package
        _constraints file
    
      - sched: Fix unreleased llc_shared_mask bit during CPU
        hotplug. (bnc#891368)
    
      - scsi_dh_alua: disable ALUA handling for non-disk
        devices. (bnc#876633)
    
      - usb: Do not re-read descriptors for wired devices in
        usb_authorize_device(). (bnc#904358)
    
      - usbback: Do not access request fields in shared ring
        more than once.
    
      - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL.
        (bnc#888607)
    
      - vfs,proc: guarantee unique inodes in /proc. (bnc#868049)
    
      - x86, cpu hotplug: Fix stack frame warning
        incheck_irq_vectors_for_cpu_disable(). (bnc#887418)
    
      - x86, ioremap: Speed up check for RAM pages (Boot time
        optimisations (bnc#895387)).
    
      - x86: Add check for number of available vectors before
        CPU down. (bnc#887418)
    
      - x86: optimize resource lookups for ioremap (Boot time
        optimisations (bnc#895387)).
    
      - x86: use optimized ioresource lookup in ioremap function
        (Boot time optimisations (bnc#895387)).
    
      - xfs: Do not free EFIs before the EFDs are committed
        (bsc#755743).
    
      - xfs: Do not reference the EFI after it is freed
        (bsc#755743).
    
      - xfs: fix cil push sequence after log recovery
        (bsc#755743).
    
      - zcrypt: support for extended number of ap domains
        (bnc#894058, LTC#117041).
    
      - zcrypt: toleration of new crypto adapter hardware
        (bnc#894058, LTC#117041)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=755743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=779488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=800255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=857643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=868049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=873228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891368"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=893758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=895468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=896415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897694"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=897708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=898554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=899843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=901638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=902349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=903331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=903653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=904700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=905100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=905522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4398.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2889.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2899.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7263.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3181.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3184.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3185.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3186.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3601.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3610.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3646.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3647.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3673.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4508.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4608.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-7826.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-7841.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-8709.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-8884.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 10037 / 10040 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-source-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-syms-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-2152.NASL
    descriptionFrom Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id87090
    published2015-11-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87090
    titleOracle Linux 7 : kernel (ELSA-2015-2152)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2015:2152 and 
    # Oracle Linux Security Advisory ELSA-2015-2152 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87090);
      script_version("2.27");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774");
      script_xref(name:"RHSA", value:"2015:2152");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2015-2152)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2015:2152 :
    
    Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 7. This is the second regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's file system
    implementation handled rename operations in which the source was
    inside and the destination was outside of a bind mount. A privileged
    user inside a container could use this flaw to escape the bind mount
    and, potentially, escalate their privileges on the system.
    (CVE-2015-2925, Important)
    
    * A race condition flaw was found in the way the Linux kernel's IPC
    subsystem initialized certain fields in an IPC object structure that
    were later used for permission checking before inserting the object
    into a globally visible list. A local, unprivileged user could
    potentially use this flaw to elevate their privileges on the system.
    (CVE-2015-7613, Important)
    
    * It was found that reporting emulation failures to user space could
    lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313)
    denial of service. In the case of a local denial of service, an
    attacker must have access to the MMIO area or be able to access an I/O
    port. (CVE-2010-5313, CVE-2014-7842, Moderate)
    
    * A flaw was found in the way the Linux kernel's KVM subsystem handled
    non-canonical addresses when emulating instructions that change the
    RIP (for example, branches or calls). A guest user with access to an
    I/O or MMIO region could use this flaw to crash the guest.
    (CVE-2014-3647, Moderate)
    
    * It was found that the Linux kernel memory resource controller's
    (memcg) handling of OOM (out of memory) conditions could lead to
    deadlocks. An attacker could use this flaw to lock up the system.
    (CVE-2014-8171, Moderate)
    
    * A race condition flaw was found between the chown and execve system
    calls. A local, unprivileged user could potentially use this flaw to
    escalate their privileges on the system. (CVE-2015-3339, Moderate)
    
    * A flaw was discovered in the way the Linux kernel's TTY subsystem
    handled the tty shutdown phase. A local, unprivileged user could use
    this flaw to cause a denial of service on the system. (CVE-2015-4170,
    Moderate)
    
    * A NULL pointer dereference flaw was found in the SCTP
    implementation. A local user could use this flaw to cause a denial of
    service on the system by triggering a kernel panic when creating
    multiple sockets in parallel while the system did not have the SCTP
    module loaded. (CVE-2015-5283, Moderate)
    
    * A flaw was found in the way the Linux kernel's perf subsystem
    retrieved userlevel stack traces on PowerPC systems. A local,
    unprivileged user could use this flaw to cause a denial of service on
    the system. (CVE-2015-6526, Moderate)
    
    * A flaw was found in the way the Linux kernel's Crypto subsystem
    handled automatic loading of kernel modules. A local user could use
    this flaw to load any installed kernel module, and thus increase the
    attack surface of the running kernel. (CVE-2013-7421, CVE-2014-9644,
    Low)
    
    * An information leak flaw was found in the way the Linux kernel
    changed certain segment registers and thread-local storage (TLS)
    during a context switch. A local, unprivileged user could use this
    flaw to leak the user space TLS base address of an arbitrary process.
    (CVE-2014-9419, Low)
    
    * It was found that the Linux kernel KVM subsystem's sysenter
    instruction emulation was not sufficient. An unprivileged guest user
    could use this flaw to escalate their privileges by tricking the
    hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the
    guest OS did not initialize the SYSENTER model-specific registers
    (MSRs). Note: Certified guest operating systems for Red Hat Enterprise
    Linux with KVM do initialize the SYSENTER MSRs and are thus not
    vulnerable to this issue when running on a KVM hypervisor.
    (CVE-2015-0239, Low)
    
    * A flaw was found in the way the Linux kernel handled the securelevel
    functionality after performing a kexec operation. A local attacker
    could use this flaw to bypass the security mechanism of the
    securelevel/secureboot combination. (CVE-2015-7837, Low)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005581.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2015-2152");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-327.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL13145361.NASL
    descriptionarch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.(CVE-2014-3647)
    last seen2020-06-01
    modified2020-06-02
    plugin id88430
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88430
    titleF5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K13145361)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K13145361.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88430);
      script_version("1.9");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      script_cve_id("CVE-2014-3647");
      script_bugtraq_id(70748);
    
      script_name(english:"F5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K13145361)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
    through 3.17.2 does not properly perform RIP changes, which allows
    guest OS users to cause a denial of service (guest OS crash) via a
    crafted application.(CVE-2014-3647)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K13145361"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K13145361."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K13145361";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0-12.1.2","11.3.0-11.6.1");
    vmatrix["AFM"]["unaffected"] = make_list("13.0.0");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1");
    vmatrix["AM"]["unaffected"] = make_list("13.0.0");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1");
    vmatrix["APM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1");
    vmatrix["ASM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1");
    vmatrix["AVR"]["unaffected"] = make_list("13.0.0");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.0.0-11.6.1");
    vmatrix["GTM"]["unaffected"] = make_list("10.1.0-10.2.4");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1");
    vmatrix["LC"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1");
    vmatrix["LTM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0-12.1.2","11.3.0-11.6.1");
    vmatrix["PEM"]["unaffected"] = make_list("13.0.0");
    
    # PSM
    vmatrix["PSM"] = make_array();
    vmatrix["PSM"]["affected"  ] = make_list("11.0.0-11.4.1");
    vmatrix["PSM"]["unaffected"] = make_list("10.1.0-10.2.4");
    
    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("11.0.0-11.3.0");
    vmatrix["WAM"]["unaffected"] = make_list("10.1.0-10.2.4");
    
    # WOM
    vmatrix["WOM"] = make_array();
    vmatrix["WOM"]["affected"  ] = make_list("11.0.0-11.3.0");
    vmatrix["WOM"]["unaffected"] = make_list("10.1.0-10.2.4");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2417-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3645) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) A flaw was discovered in how the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79433
    published2014-11-25
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79433
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2417-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79433);
      script_version("1.15");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975");
      script_bugtraq_id(68214, 70314, 70691, 70742, 70743, 70745, 70746, 70748, 70766, 70867, 70883);
      script_xref(name:"USN", value:"2417-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles
    noncanonical addresses when emulating instructions that change the rip
    (Instruction Pointer). A guest user with access to I/O or the MMIO can
    use this flaw to cause a denial of service (system crash) of the
    guest. (CVE-2014-3647)
    
    A flaw was discovered with the handling of the invept instruction in
    the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An
    unprivileged guest user could exploit this flaw to cause a denial of
    service (system crash) on the guest. (CVE-2014-3646)
    
    A flaw was discovered with invept instruction support when using
    nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest
    user could exploit this flaw to cause a denial of service (system
    crash) on the guest. (CVE-2014-3645)
    
    Lars Bull reported a race condition in the PIT (programmable interrupt
    timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the
    Linux kernel. A local guest user with access to PIT i/o ports could
    exploit this flaw to cause a denial of service (crash) on the host.
    (CVE-2014-3611)
    
    Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel
    Virtual Machine) handles noncanonical writes to certain MSR registers.
    A privileged guest user can exploit this flaw to cause a denial of
    service (kernel panic) on the host. (CVE-2014-3610)
    
    A flaw in the handling of malformed ASCONF chunks by SCTP (Stream
    Control Transmission Protocol) implementation in the Linux kernel was
    discovered. A remote attacker could exploit this flaw to cause a
    denial of service (system crash). (CVE-2014-3673)
    
    A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream
    Control Transmission Protocol) implementation in the Linux kernel was
    discovered. A remote attacker could exploit this flaw to cause a
    denial of service (panic). (CVE-2014-3687)
    
    It was discovered that excessive queuing by SCTP (Stream Control
    Transmission Protocol) implementation in the Linux kernel can cause
    memory pressure. A remote attacker could exploit this flaw to cause a
    denial of service. (CVE-2014-3688)
    
    A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual
    Machine) subsystem handles the CR4 control register at VM entry on
    Intel processors. A local host OS user can exploit this to cause a
    denial of service (kill arbitrary processes, or system disruption) by
    leveraging /dev/kvm access. (CVE-2014-3690)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608)
    
    It was discovered the Linux kernel's implementation of IPv6 did not
    properly validate arguments in the ipv6_select_ident function. A local
    user could exploit this flaw to cause a denial of service (system
    crash) by leveraging tun or macvtap device access. (CVE-2014-7207)
    
    Andy Lutomirski discovered that the Linux kernel was not checking the
    CAP_SYS_ADMIN when remounting filesystems to read-only. A local user
    could exploit this flaw to cause a denial of service (loss of
    writability). (CVE-2014-7975).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2417-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2417-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic-pae", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-highbank", pkgver:"3.2.0-72.107")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-virtual", pkgver:"3.2.0-72.107")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1520.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036i1/4%0 - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485i1/4%0 - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269i1/4%0 - The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0 - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124973
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124973
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124973);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-7269",
        "CVE-2014-2309",
        "CVE-2014-3647",
        "CVE-2014-7826",
        "CVE-2015-2922",
        "CVE-2015-4036",
        "CVE-2015-7550",
        "CVE-2016-3136",
        "CVE-2016-4482",
        "CVE-2016-4485",
        "CVE-2016-8630",
        "CVE-2016-8646",
        "CVE-2017-18221",
        "CVE-2017-18261",
        "CVE-2017-7294",
        "CVE-2018-10881",
        "CVE-2018-1120",
        "CVE-2018-13099",
        "CVE-2018-14612",
        "CVE-2018-20784"
      );
      script_bugtraq_id(
        64742,
        66095,
        70748,
        70971,
        74315,
        74664
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - Array index error in the tcm_vhost_make_tpg function in
        drivers/vhost/scsi.c in the Linux kernel before 4.0
        might allow guest OS users to cause a denial of service
        (memory corruption) or possibly have unspecified other
        impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl
        call. NOTE: the affected function was renamed to
        vhost_scsi_make_tpg before the vulnerability was
        announced.(CVE-2015-4036i1/4%0
    
      - The llc_cmsg_rcv function in net/llc/af_llc.c in the
        Linux kernel before 4.5.5 does not initialize a certain
        data structure, which allows attackers to obtain
        sensitive information from kernel stack memory by
        reading a message.(CVE-2016-4485i1/4%0
    
      - The nr_recvmsg function in net/netrom/af_netrom.c in
        the Linux kernel before 3.12.4 updates a certain length
        value without ensuring that an associated data
        structure has been initialized, which allows local
        users to obtain sensitive information from kernel
        memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
        system call.(CVE-2013-7269i1/4%0
    
      - The mct_u232_msr_to_state function in
        drivers/usb/serial/mct_u232.c in the Linux kernel
        before 4.5.1 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a crafted USB device without two
        interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0
    
      - An out-of-bounds memory access flaw, CVE-2014-7825, was
        found in the syscall tracing functionality of the Linux
        kernel's perf subsystem. A local, unprivileged user
        could use this flaw to crash the system. Additionally,
        an out-of-bounds memory access flaw, CVE-2014-7826, was
        found in the syscall tracing functionality of the Linux
        kernel's ftrace subsystem. On a system with ftrace
        syscall tracing enabled, a local, unprivileged user
        could use this flaw to crash the system, or escalate
        their privileges.(CVE-2014-7826i1/4%0
    
      - Linux kernel built with the Kernel-based Virtual
        Machine (CONFIG_KVM) support is vulnerable to a null
        pointer dereference flaw. It could occur on x86
        platform, when emulating an undefined instruction. An
        attacker could use this flaw to crash the host kernel
        resulting in DoS.(CVE-2016-8630i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound access in
        ext4_get_group_info function, a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.(CVE-2018-10881i1/4%0
    
      - The arch_timer_reg_read_stable macro in
        arch/arm64/include/asm/arch_timer.h in the Linux kernel
        before 4.13 allows local users to cause a denial of
        service (infinite recursion) by writing to a file under
        /sys/kernel/debug in certain circumstances, as
        demonstrated by a scenario involving debugfs, ftrace,
        PREEMPT_TRACER, and
        FUNCTION_GRAPH_TRACER.(CVE-2017-18261i1/4%0
    
      - The ip6_route_add function in net/ipv6/route.c in the
        Linux kernel through 3.13.6 does not properly count the
        addition of routes, which allows remote attackers to
        cause a denial of service (memory consumption) via a
        flood of ICMPv6 Router Advertisement
        packets.(CVE-2014-2309i1/4%0
    
      - In the Linux kernel before 4.20.2, kernel/sched/fair.c
        mishandles leaf cfs_rq's, which allows attackers to
        cause a denial of service (infinite loop in
        update_blocked_averages) or possibly have unspecified
        other impact by inducing a high load.(CVE-2018-20784i1/4%0
    
      - An issue was discovered in the F2FS filesystem code in
        fs/f2fs/inline.c in the Linux kernel. A denial of
        service due to the out-of-bounds memory access can
        occur for a modified f2fs filesystem
        image.(CVE-2018-13099i1/4%0
    
      - An out-of-bounds write vulnerability was found in the
        Linux kernel's vmw_surface_define_ioctl() function, in
        the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due
        to the nature of the flaw, privilege escalation cannot
        be fully ruled out, although we believe it is
        unlikely.(CVE-2017-7294i1/4%0
    
      - A flaw was found in the way the Linux kernel's KVM
        subsystem handled non-canonical addresses when
        emulating instructions that change the RIP (for
        example, branches or calls). A guest user with access
        to an I/O or MMIO region could use this flaw to crash
        the guest.(CVE-2014-3647i1/4%0
    
      - The __munlock_pagevec function in mm/mlock.c in the
        Linux kernel, before 4.11.4, allows local users to
        cause a denial of service (NR_MLOCK accounting
        corruption) via crafted use of mlockall and munlockall
        system calls.(CVE-2017-18221i1/4%0
    
      - ** RESERVED ** This candidate has been reserved by an
        organization or individual that will use it when
        announcing a new security problem. When the candidate
        has been publicized, the details for this candidate
        will be provided.(CVE-2018-1120i1/4%0
    
      - The proc_connectinfo() function in
        'drivers/usb/core/devio.c' in the Linux kernel through
        4.6 does not initialize a certain data structure, which
        allows local users to obtain sensitive information from
        kernel stack memory via a crafted USBDEVFS_CONNECTINFO
        ioctl call. The stack object 'ci' has a total size of 8
        bytes. Its last 3 bytes are padding bytes which are not
        initialized and are leaked to
        userland.(CVE-2016-4482i1/4%0
    
      - A vulnerability was found in the Linux kernel. An
        unprivileged local user could trigger oops in
        shash_async_export() by attempting to force the
        in-kernel hashing algorithms into decrypting an empty
        data set.(CVE-2016-8646i1/4%0
    
      - An issue was discovered in the btrfs filesystem code in
        the Linux kernel. An invalid NULL pointer dereference
        in btrfs_root_node() when mounting a crafted btrfs
        image is due to a lack of chunk block group mapping
        validation in btrfs_read_block_groups() in the
        fs/btrfs/extent-tree.c function and a lack of
        empty-tree checks in check_leaf() in
        fs/btrfs/tree-checker.c function. This could lead to a
        system crash and a denial of service.(CVE-2018-14612i1/4%0
    
      - It was found that the Linux kernel's TCP/IP protocol
        suite implementation for IPv6 allowed the Hop Limit
        value to be set to a smaller value than the default
        one. An attacker on a local network could use this flaw
        to prevent systems on that network from sending or
        receiving network packets.(CVE-2015-2922i1/4%0
    
      - A NULL-pointer dereference flaw was found in the
        kernel, which is caused by a race between revoking a
        user-type key and reading from it. The issue could be
        triggered by an unprivileged user with a local account,
        causing the kernel to crash (denial of
        service).(CVE-2015-7550i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1520
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f904a7a8");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2395-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78765
    published2014-10-31
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78765
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2395-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0481-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). - CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). - CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83696
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83696
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2396-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78821
    published2014-11-03
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78821
    titleUbuntu 14.10 : linux vulnerabilities (USN-2396-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-141217.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041).
    last seen2020-06-05
    modified2014-12-26
    plugin id80250
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80250
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Number 10103)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1480.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124804
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124804
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3060.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service : - CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. - CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. - CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. - CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. - CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service. - CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash). This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.
    last seen2020-03-17
    modified2014-11-03
    plugin id78784
    published2014-11-03
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78784
    titleDebian DSA-3060-1 : linux - security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20151119_KERNEL_ON_SL7_X.NASL
    description* A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2015-12-22
    plugin id87559
    published2015-12-22
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87559
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20151119)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-2152.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id86972
    published2015-11-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86972
    titleRHEL 7 : kernel (RHSA-2015:2152)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2015-2152.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id87135
    published2015-12-02
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87135
    titleCentOS 7 : kernel (CESA-2015:2152)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0068-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes. Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. - CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local attackers could crash the machine. - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3611: A race condition flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id83665
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83665
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-230.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3645). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3646). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (CVE-2014-3673). The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (CVE-2014-3687). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application (CVE-2014-7825). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (CVE-2014-7826). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (CVE-2014-8369). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79610
    published2014-11-28
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79610
    titleMandriva Linux Security Advisory : kernel (MDVSA-2014:230)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2394-1.NASL
    descriptionNadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78764
    published2014-10-31
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78764
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)

Redhat

rpms
  • kernel-0:3.10.0-327.el7
  • kernel-abi-whitelists-0:3.10.0-327.el7
  • kernel-bootwrapper-0:3.10.0-327.el7
  • kernel-debug-0:3.10.0-327.el7
  • kernel-debug-debuginfo-0:3.10.0-327.el7
  • kernel-debug-devel-0:3.10.0-327.el7
  • kernel-debuginfo-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.el7
  • kernel-devel-0:3.10.0-327.el7
  • kernel-doc-0:3.10.0-327.el7
  • kernel-headers-0:3.10.0-327.el7
  • kernel-kdump-0:3.10.0-327.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.el7
  • kernel-kdump-devel-0:3.10.0-327.el7
  • kernel-tools-0:3.10.0-327.el7
  • kernel-tools-debuginfo-0:3.10.0-327.el7
  • kernel-tools-libs-0:3.10.0-327.el7
  • kernel-tools-libs-devel-0:3.10.0-327.el7
  • perf-0:3.10.0-327.el7
  • perf-debuginfo-0:3.10.0-327.el7
  • python-perf-0:3.10.0-327.el7
  • python-perf-debuginfo-0:3.10.0-327.el7

References