Vulnerabilities > CVE-2014-3647
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1071-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bsc#899192). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bsc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bsc#914742). - CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8 did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets (bsc#916225). - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919007). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919018). - CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow the kernel stack (bsc#922944). - CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling (bsc#926240). - CVE-2015-2922: Fixed possible denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements (bsc#922583). - CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using AESNI (bsc#927257). - CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135). - CVE-2015-3339: Fixed race condition flaw between the chown() and execve() system calls which could have lead to local privilege escalation (bsc#928130). - CVE-2015-3636: Fixed use-after-free in ping sockets which could have lead to local privilege escalation (bsc#929525). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 84227 published 2015-06-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84227 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1071-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(84227); script_version("2.12"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2014-3647", "CVE-2014-8086", "CVE-2014-8159", "CVE-2015-1465", "CVE-2015-2041", "CVE-2015-2042", "CVE-2015-2666", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3331", "CVE-2015-3332", "CVE-2015-3339", "CVE-2015-3636"); script_bugtraq_id(70376, 70748, 72435, 72729, 72730, 73060, 73183, 73699, 74232, 74235, 74243, 74315, 74450); script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bsc#899192). - CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allowed local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag (bsc#900881). - CVE-2014-8159: The InfiniBand (IB) implementation did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/ (bsc#914742). - CVE-2015-1465: The IPv4 implementation in the Linux kernel before 3.18.8 did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets (bsc#916225). - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919007). - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 used an incorrect data type in a sysctl table, which allowed local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry (bsc#919018). - CVE-2015-2666: Fixed a flaw that allowed crafted microcode to overflow the kernel stack (bsc#922944). - CVE-2015-2830: Fixed int80 fork from 64-bit tasks mishandling (bsc#926240). - CVE-2015-2922: Fixed possible denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements (bsc#922583). - CVE-2015-3331: Fixed buffer overruns in RFC4106 implementation using AESNI (bsc#927257). - CVE-2015-3332: Fixed TCP Fast Open local DoS (bsc#928135). - CVE-2015-3339: Fixed race condition flaw between the chown() and execve() system calls which could have lead to local privilege escalation (bsc#928130). - CVE-2015-3636: Fixed use-after-free in ping sockets which could have lead to local privilege escalation (bsc#929525). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=899192" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=900881" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=909312" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=913232" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=914742" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=915540" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=916225" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=917125" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919007" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919018" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920262" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=921769" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=922583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=922734" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=922944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924664" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924809" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=925567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=926156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=926240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=926314" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927084" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927115" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927116" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927257" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927455" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928122" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928130" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928141" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928708" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929092" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929145" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929525" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929883" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930226" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930669" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930786" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=931014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=931130" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3647/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8086/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8159/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-1465/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2041/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2042/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2666/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2830/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2922/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3331/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3332/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3339/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-3636/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151071-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ea406797" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12 : zypper in -t patch SUSE-SLE-WE-12-2015-269=1 SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2015-269=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2015-269=1 SUSE Linux Enterprise Module for Public Cloud 12 : zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-269=1 SUSE Linux Enterprise Live Patching 12 : zypper in -t patch SUSE-SLE-Live-Patching-12-2015-269=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2015-269=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/13"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-debugsource-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-devel-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-extra-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-syms-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.43-52.6.1")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.43-52.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-141202.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). last seen 2020-06-05 modified 2014-12-26 plugin id 80249 published 2014-12-26 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80249 title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(80249); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4398", "CVE-2013-2889", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2899", "CVE-2013-7263", "CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-4508", "CVE-2014-4608", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8709", "CVE-2014-8884"); script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=755743" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=800255" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=835839" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=851603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=853040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=857643" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=860441" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=868049" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=873228" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=876633" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=883724" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=883948" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=885077" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=887418" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=888607" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=891211" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=891368" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=891790" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=892782" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=893758" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894058" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894895" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=895468" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896390" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896391" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896392" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=896415" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897502" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897694" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=897708" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=898295" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=898375" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=898554" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=899192" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=899574" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=899843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=901638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=902346" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=902349" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=903331" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=903653" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=904013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=904358" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=904700" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=905100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=905522" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-4398.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2889.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2893.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2897.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-2899.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-7263.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3181.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3184.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3185.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3186.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3601.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3610.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3646.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3647.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-3673.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4508.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-4608.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-7826.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-7841.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-8709.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-8884.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 10037 / 10040 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-source-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.5_02_3.0.101_0.42-0.7.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.5_02_3.0.101_0.42-0.7.2")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-devel-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-source-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-syms-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-base-3.0.101-0.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-trace-devel-3.0.101-0.42.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2152.NASL description From Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87090 published 2015-11-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87090 title Oracle Linux 7 : kernel (ELSA-2015-2152) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2152 and # Oracle Linux Security Advisory ELSA-2015-2152 respectively. # include("compat.inc"); if (description) { script_id(87090); script_version("2.27"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774"); script_xref(name:"RHSA", value:"2015:2152"); script_name(english:"Oracle Linux 7 : kernel (ELSA-2015-2152)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2152 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. (CVE-2015-2925, Important) * A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system. (CVE-2015-7613, Important) * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. (CVE-2010-5313, CVE-2014-7842, Moderate) * A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest. (CVE-2014-3647, Moderate) * It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker could use this flaw to lock up the system. (CVE-2014-8171, Moderate) * A race condition flaw was found between the chown and execve system calls. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate) * A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2015-4170, Moderate) * A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded. (CVE-2015-5283, Moderate) * A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2015-6526, Moderate) * A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. (CVE-2013-7421, CVE-2014-9644, Low) * An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process. (CVE-2014-9419, Low) * It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low) * A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination. (CVE-2015-7837, Low)" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005581.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2010-5313", "CVE-2013-7421", "CVE-2014-3647", "CVE-2014-7842", "CVE-2014-8171", "CVE-2014-9419", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-2925", "CVE-2015-3288", "CVE-2015-3339", "CVE-2015-4170", "CVE-2015-5283", "CVE-2015-6526", "CVE-2015-7553", "CVE-2015-7613", "CVE-2015-7837", "CVE-2015-8215", "CVE-2016-0774"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2015-2152"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "3.10"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-327.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL13145361.NASL description arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.(CVE-2014-3647) last seen 2020-06-01 modified 2020-06-02 plugin id 88430 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88430 title F5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K13145361) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K13145361. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(88430); script_version("1.9"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2014-3647"); script_bugtraq_id(70748); script_name(english:"F5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K13145361)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.(CVE-2014-3647)" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K13145361" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K13145361." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K13145361"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("12.0.0-12.1.2","11.3.0-11.6.1"); vmatrix["AFM"]["unaffected"] = make_list("13.0.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1"); vmatrix["AM"]["unaffected"] = make_list("13.0.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1"); vmatrix["APM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1"); vmatrix["ASM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1"); vmatrix["AVR"]["unaffected"] = make_list("13.0.0"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.6.1"); vmatrix["GTM"]["unaffected"] = make_list("10.1.0-10.2.4"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1"); vmatrix["LC"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("12.0.0-12.1.2","11.0.0-11.6.1"); vmatrix["LTM"]["unaffected"] = make_list("13.0.0","10.1.0-10.2.4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("12.0.0-12.1.2","11.3.0-11.6.1"); vmatrix["PEM"]["unaffected"] = make_list("13.0.0"); # PSM vmatrix["PSM"] = make_array(); vmatrix["PSM"]["affected" ] = make_list("11.0.0-11.4.1"); vmatrix["PSM"]["unaffected"] = make_list("10.1.0-10.2.4"); # WAM vmatrix["WAM"] = make_array(); vmatrix["WAM"]["affected" ] = make_list("11.0.0-11.3.0"); vmatrix["WAM"]["unaffected"] = make_list("10.1.0-10.2.4"); # WOM vmatrix["WOM"] = make_array(); vmatrix["WOM"]["affected" ] = make_list("11.0.0-11.3.0"); vmatrix["WOM"]["unaffected"] = make_list("10.1.0-10.2.4"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get()); else security_note(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2417-1.NASL description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3645) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) A flaw was discovered in how the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 79433 published 2014-11-25 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79433 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2417-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(79433); script_version("1.15"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975"); script_bugtraq_id(68214, 70314, 70691, 70742, 70743, 70745, 70746, 70748, 70766, 70867, 70883); script_xref(name:"USN", value:"2417-1"); script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3645) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608) It was discovered the Linux kernel's implementation of IPv6 did not properly validate arguments in the ipv6_select_ident function. A local user could exploit this flaw to cause a denial of service (system crash) by leveraging tun or macvtap device access. (CVE-2014-7207) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (CVE-2014-7975). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2417-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-4608", "CVE-2014-7207", "CVE-2014-7975"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2417-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic", pkgver:"3.2.0-72.107")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-generic-pae", pkgver:"3.2.0-72.107")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-highbank", pkgver:"3.2.0-72.107")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-72-virtual", pkgver:"3.2.0-72.107")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1520.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036i1/4%0 - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485i1/4%0 - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269i1/4%0 - The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0 - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel last seen 2020-03-19 modified 2019-05-14 plugin id 124973 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124973 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124973); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19"); script_cve_id( "CVE-2013-7269", "CVE-2014-2309", "CVE-2014-3647", "CVE-2014-7826", "CVE-2015-2922", "CVE-2015-4036", "CVE-2015-7550", "CVE-2016-3136", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2017-18221", "CVE-2017-18261", "CVE-2017-7294", "CVE-2018-10881", "CVE-2018-1120", "CVE-2018-13099", "CVE-2018-14612", "CVE-2018-20784" ); script_bugtraq_id( 64742, 66095, 70748, 70971, 74315, 74664 ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036i1/4%0 - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485i1/4%0 - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269i1/4%0 - The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0 - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7826i1/4%0 - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630i1/4%0 - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881i1/4%0 - The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.(CVE-2017-18261i1/4%0 - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.(CVE-2014-2309i1/4%0 - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.(CVE-2018-20784i1/4%0 - An issue was discovered in the F2FS filesystem code in fs/f2fs/inline.c in the Linux kernel. A denial of service due to the out-of-bounds memory access can occur for a modified f2fs filesystem image.(CVE-2018-13099i1/4%0 - An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-7294i1/4%0 - A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest.(CVE-2014-3647i1/4%0 - The __munlock_pagevec function in mm/mlock.c in the Linux kernel, before 4.11.4, allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.(CVE-2017-18221i1/4%0 - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2018-1120i1/4%0 - The proc_connectinfo() function in 'drivers/usb/core/devio.c' in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. The stack object 'ci' has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and are leaked to userland.(CVE-2016-4482i1/4%0 - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.(CVE-2016-8646i1/4%0 - An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid NULL pointer dereference in btrfs_root_node() when mounting a crafted btrfs image is due to a lack of chunk block group mapping validation in btrfs_read_block_groups() in the fs/btrfs/extent-tree.c function and a lack of empty-tree checks in check_leaf() in fs/btrfs/tree-checker.c function. This could lead to a system crash and a denial of service.(CVE-2018-14612i1/4%0 - It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets.(CVE-2015-2922i1/4%0 - A NULL-pointer dereference flaw was found in the kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).(CVE-2015-7550i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1520 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f904a7a8"); script_set_attribute(attribute:"solution", value: "Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["kernel-4.19.28-1.2.117", "kernel-devel-4.19.28-1.2.117", "kernel-headers-4.19.28-1.2.117", "kernel-tools-4.19.28-1.2.117", "kernel-tools-libs-4.19.28-1.2.117", "kernel-tools-libs-devel-4.19.28-1.2.117", "perf-4.19.28-1.2.117", "python-perf-4.19.28-1.2.117"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2395-1.NASL description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 78765 published 2014-10-31 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78765 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2395-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0481-1.NASL description The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). - CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). - CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83696 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83696 title SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2396-1.NASL description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78821 published 2014-11-03 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78821 title Ubuntu 14.10 : linux vulnerabilities (USN-2396-1) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-141217.NASL description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application. (bnc#779488). (CVE-2012-4398) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839). (CVE-2013-2889) - The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839). (CVE-2013-2893) - Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2897) - drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. (bnc#835839). (CVE-2013-2899) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#853040, bnc#857643). (CVE-2013-7263) - Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. (bnc#896382). (CVE-2014-3181) - The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. (bnc#896390). (CVE-2014-3184) - Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. (bnc#896391). (CVE-2014-3185) - Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. (bnc#896392). (CVE-2014-3186) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. (bnc#892782). (CVE-2014-3601) - The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. (bnc#899192). (CVE-2014-3610) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3646) - arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application. (bnc#899192). (CVE-2014-3647) - The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. (bnc#902346, bnc#902349). (CVE-2014-3673) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - * DISPUTED * Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says: The Linux kernel is not affected; media hype. (bnc#883948). (CVE-2014-4608) - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (bnc#904013). (CVE-2014-7826) - An SCTP server doing ASCONF would panic on malformed INIT ping-of-death. (bnc#905100). (CVE-2014-7841) - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. (bnc#904700). (CVE-2014-8709) - A local user with write access could have used this flaw to crash the kernel or elevate privileges (bnc#905522). The following non-security bugs have been fixed:. (CVE-2014-8884) - Build the KOTD against the SP3 Update project - HID: fix kabi breakage. - NFS: Provide stub nfs_fscache_wait_on_invalidate() for when CONFIG_NFS_FSCACHE=n. - NFS: fix inverted test for delegation in nfs4_reclaim_open_state. (bnc#903331) - NFS: remove incorrect Lock reclaim failed! warning. (bnc#903331) - NFSv4: nfs4_open_done first must check that GETATTR decoded a file type. (bnc#899574) - PCI: pciehp: Clear Data Link Layer State Changed during init. (bnc#898295) - PCI: pciehp: Enable link state change notifications. (bnc#898295) - PCI: pciehp: Handle push button event asynchronously. (bnc#898295) - PCI: pciehp: Make check_link_active() non-static. (bnc#898295) - PCI: pciehp: Use link change notifications for hot-plug and removal. (bnc#898295) - PCI: pciehp: Use per-slot workqueues to avoid deadlock. (bnc#898295) - PCI: pciehp: Use symbolic constants, not hard-coded bitmask. (bnc#898295) - PM / hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - be2net: Fix invocation of be_close() after be_clear(). (bnc#895468) - block: Fix bogus partition statistics reports. (bnc#885077 / bnc#891211) - block: Fix computation of merged request priority. - btrfs: Fix wrong device size when we are resizing the device. - btrfs: Return right extent when fiemap gives unaligned offset and len. - btrfs: abtract out range locking in clone ioctl(). - btrfs: always choose work from prio_head first. - btrfs: balance delayed inode updates. - btrfs: cache extent states in defrag code path. - btrfs: check file extent type before anything else. (bnc#897694) - btrfs: clone, do not create invalid hole extent map. - btrfs: correctly determine if blocks are shared in btrfs_compare_trees. - btrfs: do not bug_on if we try to cow a free space cache inode. - btrfs: ensure btrfs_prev_leaf does not miss 1 item. - btrfs: ensure readers see new data after a clone operation. - btrfs: fill_holes: Fix slot number passed to hole_mergeable() call. - btrfs: filter invalid arg for btrfs resize. - btrfs: fix EINVAL checks in btrfs_clone. - btrfs: fix EIO on reading file after ioctl clone works on it. - btrfs: fix a crash of clone with inline extents split. - btrfs: fix crash of compressed writes. (bnc#898375) - btrfs: fix crash when starting transaction. - btrfs: fix deadlock with nested trans handles. - btrfs: fix hang on error (such as ENOSPC) when writing extent pages. - btrfs: fix leaf corruption after __btrfs_drop_extents. - btrfs: fix race between balance recovery and root deletion. - btrfs: fix wrong extent mapping for DirectIO. - btrfs: handle a missing extent for the first file extent. - btrfs: limit delalloc pages outside of find_delalloc_range. (bnc#898375) - btrfs: read lock extent buffer while walking backrefs. - btrfs: remove unused wait queue in struct extent_buffer. - btrfs: replace EINVAL with ERANGE for resize when ULLONG_MAX. - btrfs: replace error code from btrfs_drop_extents. - btrfs: unlock extent and pages on error in cow_file_range. - btrfs: unlock inodes in correct order in clone ioctl. - btrfs_ioctl_clone: Move clone code into its own function. - cifs: delay super block destruction until all cifsFileInfo objects are gone. (bnc#903653) - drm/i915: Flush the PTEs after updating them before suspend. (bnc#901638) - drm/i915: Undo gtt scratch pte unmapping again. (bnc#901638) - ext3: return 32/64-bit dir name hash according to usage type. (bnc#898554) - ext4: return 32/64-bit dir name hash according to usage type. (bnc#898554) - fix: use after free of xfs workqueues. (bnc#894895) - fs: add new FMODE flags: FMODE_32bithash and FMODE_64bithash. (bnc#898554) - futex: Ensure get_futex_key_refs() always implies a barrier (bnc#851603 (futex scalability series)). - futex: Fix a race condition between REQUEUE_PI and task death (bnc#851603 (futex scalability series)). - ipv6: add support of peer address. (bnc#896415) - ipv6: fix a refcnt leak with peer addr. (bnc#896415) - megaraid_sas: Disable fastpath writes for non-RAID0. (bnc#897502) - mm: change __remove_pages() to call release_mem_region_adjustable(). (bnc#891790) - netxen: Fix link event handling. (bnc#873228) - netxen: fix link notification order. (bnc#873228) - nfsd: rename int access to int may_flags in nfsd_open(). (bnc#898554) - nfsd: vfs_llseek() with 32 or 64 bit offsets (hashes). (bnc#898554) - ocfs2: fix NULL pointer dereference in ocfs2_duplicate_clusters_by_page. (bnc#899843) - powerpc: Add smp_mb() to arch_spin_is_locked() (bsc#893758). - powerpc: Add smp_mb()s to arch_spin_unlock_wait() (bsc#893758). - powerpc: Add support for the optimised lockref implementation (bsc#893758). - powerpc: Implement arch_spin_is_locked() using arch_spin_value_unlocked() (bsc#893758). - refresh patches.xen/xen-blkback-multi-page-ring (bnc#897708)). - remove filesize checks for sync I/O journal commit. (bnc#800255) - resource: add __adjust_resource() for internal use. (bnc#891790) - resource: add release_mem_region_adjustable(). (bnc#891790) - revert PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - rpm/mkspec: Generate specfiles according to Factory requirements. - rpm/mkspec: Generate a per-architecture per-package _constraints file - sched: Fix unreleased llc_shared_mask bit during CPU hotplug. (bnc#891368) - scsi_dh_alua: disable ALUA handling for non-disk devices. (bnc#876633) - usb: Do not re-read descriptors for wired devices in usb_authorize_device(). (bnc#904358) - usbback: Do not access request fields in shared ring more than once. - usbhid: add another mouse that needs QUIRK_ALWAYS_POLL. (bnc#888607) - vfs,proc: guarantee unique inodes in /proc. (bnc#868049) - x86, cpu hotplug: Fix stack frame warning incheck_irq_vectors_for_cpu_disable(). (bnc#887418) - x86, ioremap: Speed up check for RAM pages (Boot time optimisations (bnc#895387)). - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - xfs: Do not free EFIs before the EFDs are committed (bsc#755743). - xfs: Do not reference the EFI after it is freed (bsc#755743). - xfs: fix cil push sequence after log recovery (bsc#755743). - zcrypt: support for extended number of ap domains (bnc#894058, LTC#117041). - zcrypt: toleration of new crypto adapter hardware (bnc#894058, LTC#117041). last seen 2020-06-05 modified 2014-12-26 plugin id 80250 published 2014-12-26 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80250 title SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 10103) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1480.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 124804 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124804 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3060.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service : - CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. - CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. - CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. - CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. - CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service. - CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash). This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first. last seen 2020-03-17 modified 2014-11-03 plugin id 78784 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78784 title Debian DSA-3060-1 : linux - security update NASL family Scientific Linux Local Security Checks NASL id SL_20151119_KERNEL_ON_SL7_X.NASL description * A flaw was found in the way the Linux kernel last seen 2020-03-18 modified 2015-12-22 plugin id 87559 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87559 title Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 86972 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86972 title RHEL 7 : kernel (RHSA-2015:2152) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2152.NASL description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 87135 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87135 title CentOS 7 : kernel (CESA-2015:2152) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0068-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes. Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. - CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local attackers could crash the machine. - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3611: A race condition flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 83665 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83665 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-230.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3645). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3646). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (CVE-2014-3673). The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (CVE-2014-3687). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application (CVE-2014-7825). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (CVE-2014-7826). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (CVE-2014-8369). The updated packages provides a solution for these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79610 published 2014-11-28 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79610 title Mandriva Linux Security Advisory : kernel (MDVSA-2014:230) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2394-1.NASL description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 78764 published 2014-10-31 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78764 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)
Redhat
rpms |
|
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
- http://www.debian.org/security/2014/dsa-3060
- http://www.debian.org/security/2014/dsa-3060
- http://www.openwall.com/lists/oss-security/2014/10/24/9
- http://www.openwall.com/lists/oss-security/2014/10/24/9
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/70748
- http://www.securityfocus.com/bid/70748
- http://www.ubuntu.com/usn/USN-2394-1
- http://www.ubuntu.com/usn/USN-2394-1
- http://www.ubuntu.com/usn/USN-2417-1
- http://www.ubuntu.com/usn/USN-2417-1
- http://www.ubuntu.com/usn/USN-2418-1
- http://www.ubuntu.com/usn/USN-2418-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1144897
- https://bugzilla.redhat.com/show_bug.cgi?id=1144897
- https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601
- https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601
- https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715
- https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715