Vulnerabilities > CVE-2015-5707 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2733-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85800 published 2015-09-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85800 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2733-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2733-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(85800); script_version("1.9"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2015-5707"); script_xref(name:"USN", value:"2733-1"); script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2733-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2733-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-3.13-generic and / or linux-image-3.13-generic-lpae packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2015-5707"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2733-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-63-generic", pkgver:"3.13.0-63.104~precise1")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-63-generic-lpae", pkgver:"3.13.0-63.104~precise1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1678-1.NASL description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). - CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). - CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). - CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an last seen 2020-06-01 modified 2020-06-02 plugin id 86290 published 2015-10-06 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86290 title SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:1678-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(86290); script_version("2.8"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2014-9728", "CVE-2014-9729", "CVE-2014-9730", "CVE-2014-9731", "CVE-2015-0777", "CVE-2015-1420", "CVE-2015-1805", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-4167", "CVE-2015-4700", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5707", "CVE-2015-6252"); script_bugtraq_id(72357, 73014, 73699, 73921, 74951, 74963, 74964, 75001, 75356, 75510); script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367). - CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338). - CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831). - CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831). - CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun. (bsc#933429) - CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463) - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240) - CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705). - CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907). - CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830) - CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904). - CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). - CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904). - CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=777565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=867362" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=873385" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=883380" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=884333" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=886785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=891116" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=894936" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=915517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=917830" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=917968" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=919463" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920016" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920250" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=920733" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=921430" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=923002" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=923245" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=923431" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=924701" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=925705" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=925881" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=925903" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=926240" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=926953" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=927355" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929076" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929142" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=929143" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930092" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=930934" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=931620" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=932350" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=932458" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=932882" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933721" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933896" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933904" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933907" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=933936" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=934944" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935055" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935572" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935705" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935866" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=935906" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936077" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936095" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936118" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936423" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936637" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936831" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936875" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936921" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=936925" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937032" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937256" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937402" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937444" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937641" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937855" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=938485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=939910" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=939994" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=940338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=940398" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=940925" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=940966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942305" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942350" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942367" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942605" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942688" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942938" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=943477" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9728/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9729/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9730/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9731/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-0777/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-1420/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-1805/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2150/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2830/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4167/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-4700/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-5364/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-5366/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-5707/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-6252/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20151678-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9ebdd7b0" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4 : zypper in -t patch sdksp4-kernel-20150908-12114=1 SUSE Linux Enterprise Server 11-SP4 : zypper in -t patch slessp4-kernel-20150908-12114=1 SUSE Linux Enterprise Server 11-EXTRA : zypper in -t patch slexsp3-kernel-20150908-12114=1 SUSE Linux Enterprise Desktop 11-SP4 : zypper in -t patch sledsp4-kernel-20150908-12114=1 SUSE Linux Enterprise Debuginfo 11-SP4 : zypper in -t patch dbgsp4-kernel-20150908-12114=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); if (os_ver == "SLED11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-trace-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-default-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-default-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-source-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-syms-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-default-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-default-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-default-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-default-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-source-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-syms-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-trace-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-xen-extra-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-65.1")) flag++; if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"kernel-pae-extra-3.0.101-65.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-source"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0785-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive various security and bugfixes. Features added : - A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320625) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states last seen 2020-06-01 modified 2020-06-02 plugin id 89993 published 2016-03-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89993 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0785-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1611-1.NASL description The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907). - CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731: Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash. (bsc#933904 bsc#933896) - CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463). - CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429). Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86121 published 2015-09-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86121 title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2737-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85874 published 2015-09-09 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85874 title Ubuntu 14.04 LTS : linux-lts-vivid vulnerability (USN-2737-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-3567.NASL description Description of changes: [2.6.39-400.295.2.el6uek] - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895} [2.6.39-400.295.1.el6uek] - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of last seen 2020-06-01 modified 2020-06-02 plugin id 100235 published 2017-05-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100235 title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-3534.NASL description Description of changes: [3.8.13-118.17.4.el7uek] - Revert last seen 2020-06-01 modified 2020-06-02 plugin id 99160 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99160 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2759-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-5707) Marc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252) It was discovered that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 86244 published 2015-10-02 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86244 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2759-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0585-1.NASL description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338). - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936). - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354). - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988). - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device last seen 2020-06-01 modified 2020-06-02 plugin id 89022 published 2016-02-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89022 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-124.NASL description The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075). - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951). - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190). - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886). - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a last seen 2020-06-05 modified 2016-02-03 plugin id 88545 published 2016-02-03 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88545 title openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1488.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157) - A denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257) - A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283) - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307) - A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 124812 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124812 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-310.NASL description This update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel. CVE-2015-5156 Jason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-5364 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. CVE-2015-5366 It was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum. CVE-2015-5697 A flaw was discovered in the md driver in the Linux kernel leading to an information leak. CVE-2015-5707 An integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation. CVE-2015-6937 It was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14. For the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier. For the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-09-22 plugin id 86049 published 2015-09-22 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86049 title Debian DLA-310-1 : linux-2.6 security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2750-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86205 published 2015-09-30 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86205 title Ubuntu 14.04 LTS : linux-lts-utopic vulnerability (USN-2750-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-1478-1.NASL description The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code. - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240). - CVE-2015-0777: drivers/xen/usbback/usbback.c in the Linux kernel allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830). - CVE-2015-2150: Xen and the Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bnc#919463). - CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831). - CVE-2015-1420: CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517). - CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705). - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an last seen 2020-06-01 modified 2020-06-02 plugin id 85764 published 2015-09-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85764 title SUSE SLES11 Security Update : kernel (SUSE-SU-2015:1478-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0058.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] (CVE-2016-10142) (CVE-2016-10142) - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] (CVE-2016-8399) - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] (CVE-2016-10142) - sg_write/bsg_write is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] (CVE-2016-10088) - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] (CVE-2017-7187) - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] (CVE-2017-2636) - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] (CVE-2017-2636) - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] (CVE-2017-2636) - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] (CVE-2017-2636) - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] (CVE-2016-8633) - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] (CVE-2016-3672) - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] (CVE-2016-3672) - sg_start_req: make sure that there last seen 2020-06-01 modified 2020-06-02 plugin id 99164 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99164 title OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0057.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 99163 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99163 title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3329.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. - CVE-2015-1333 Colin Ian King discovered a flaw in the add_key function of the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 85281 published 2015-08-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85281 title Debian DSA-3329-1 : linux - security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-3535.NASL description Description of changes: [2.6.39-400.294.6.el6uek] - RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142} [2.6.39-400.294.5.el6uek] - net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399} - ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142} - sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088} - scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187} [2.6.39-400.294.4.el6uek] - tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636} - TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636} - drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636} - list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636} - firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633} - x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672} - x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672} - sg_start_req(): make sure that there last seen 2020-06-01 modified 2020-06-02 plugin id 99161 published 2017-04-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99161 title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0106.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] (CVE-2017-7895) - ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] - IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] - uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] - ksplice: add sysctls for determining Ksplice features. (Jamie Iles) - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] - KVM: x86: fix emulation of last seen 2020-06-01 modified 2020-06-02 plugin id 100238 published 2017-05-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100238 title OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-686.NASL description The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain privileges by triggering an NMI within a certain instruction window (bnc#937969) - CVE-2015-0272: It was reported that it last seen 2020-06-05 modified 2015-10-30 plugin id 86668 published 2015-10-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86668 title openSUSE Security Update : the Linux Kernel (openSUSE-2015-686) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2734-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85801 published 2015-09-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85801 title Ubuntu 14.04 LTS : linux vulnerability (USN-2734-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2738-1.NASL description It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85875 published 2015-09-09 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85875 title Ubuntu 15.04 : linux vulnerability (USN-2738-1)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
- http://www.debian.org/security/2015/dsa-3329
- http://www.debian.org/security/2015/dsa-3329
- http://www.openwall.com/lists/oss-security/2015/08/01/6
- http://www.openwall.com/lists/oss-security/2015/08/01/6
- http://www.securityfocus.com/bid/76145
- http://www.securityfocus.com/bid/76145
- http://www.securitytracker.com/id/1033521
- http://www.securitytracker.com/id/1033521
- http://www.ubuntu.com/usn/USN-2733-1
- http://www.ubuntu.com/usn/USN-2733-1
- http://www.ubuntu.com/usn/USN-2734-1
- http://www.ubuntu.com/usn/USN-2734-1
- http://www.ubuntu.com/usn/USN-2737-1
- http://www.ubuntu.com/usn/USN-2737-1
- http://www.ubuntu.com/usn/USN-2738-1
- http://www.ubuntu.com/usn/USN-2738-1
- http://www.ubuntu.com/usn/USN-2750-1
- http://www.ubuntu.com/usn/USN-2750-1
- http://www.ubuntu.com/usn/USN-2759-1
- http://www.ubuntu.com/usn/USN-2759-1
- http://www.ubuntu.com/usn/USN-2760-1
- http://www.ubuntu.com/usn/USN-2760-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1250030
- https://bugzilla.redhat.com/show_bug.cgi?id=1250030
- https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81
- https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81
- https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee
- https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee
- https://source.android.com/security/bulletin/2017-07-01
- https://source.android.com/security/bulletin/2017-07-01