Vulnerabilities > CVE-2016-0821 - Use of Uninitialized Resource vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
linux
google
CWE-908
nessus

Summary

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

Vulnerable Configurations

Part Description Count
OS
Linux
2422
OS
Google
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2967-1.NASL
    descriptionIt was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7566) Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) It was discovered that a race condition existed when handling heartbeat- timeout events in the SCTP implementation of the Linux kernel. A remote attacker could use this to cause a denial of service. (CVE-2015-8767) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91087
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91087
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2967-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91087);
      script_version("2.24");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
      script_xref(name:"USN", value:"2967-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Linux kernel did not properly enforce
    rlimits for file descriptors sent over UNIX domain sockets. A local
    attacker could use this to cause a denial of service. (CVE-2013-4312)
    
    Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in
    the Linux kernel did not properly sanity check the endpoints reported
    by the device. An attacker with physical access could cause a denial
    of service (system crash). (CVE-2015-7515)
    
    Ralf Spenneberg discovered that the USB driver for Clie devices in the
    Linux kernel did not properly sanity check the endpoints reported by
    the device. An attacker with physical access could cause a denial of
    service (system crash). (CVE-2015-7566)
    
    Ralf Spenneberg discovered that the usbvision driver in the Linux
    kernel did not properly sanity check the interfaces and endpoints
    reported by the device. An attacker with physical access could cause a
    denial of service (system crash). (CVE-2015-7833)
    
    It was discovered that a race condition existed when handling
    heartbeat- timeout events in the SCTP implementation of the Linux
    kernel. A remote attacker could use this to cause a denial of service.
    (CVE-2015-8767)
    
    Venkatesh Pottem discovered a use-after-free vulnerability in the
    Linux kernel's CXGB3 driver. A local attacker could use this to cause
    a denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2015-8812)
    
    It was discovered that a race condition existed in the ioctl handler
    for the TTY driver in the Linux kernel. A local attacker could use
    this to cause a denial of service (system crash) or expose sensitive
    information. (CVE-2016-0723)
    
    It was discovered that the Linux kernel did not keep accurate track of
    pipe buffer details when error conditions occurred, due to an
    incomplete fix for CVE-2015-1805. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code with administrative privileges. (CVE-2016-0774)
    
    Zach Riggle discovered that the Linux kernel's list poison feature did
    not take into account the mmap_min_addr value. A local attacker could
    use this to bypass the kernel's poison-pointer protection mechanism
    while attempting to exploit an existing kernel vulnerability.
    (CVE-2016-0821)
    
    Andy Lutomirski discovered a race condition in the Linux kernel's
    translation lookaside buffer (TLB) handling of flush events. A local
    attacker could use this to cause a denial of service or possibly leak
    sensitive information. (CVE-2016-2069)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework did not verify that a FIFO was attached to a client
    before attempting to clear it. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2016-2543)
    
    Dmitry Vyukov discovered that a race condition existed in the Advanced
    Linux Sound Architecture (ALSA) framework between timer setup and
    closing of the client, resulting in a use-after-free. A local attacker
    could use this to cause a denial of service. (CVE-2016-2544)
    
    Dmitry Vyukov discovered a race condition in the timer handling
    implementation of the Advanced Linux Sound Architecture (ALSA)
    framework, resulting in a use-after-free. A local attacker could use
    this to cause a denial of service (system crash). (CVE-2016-2545)
    
    Dmitry Vyukov discovered race conditions in the Advanced Linux Sound
    Architecture (ALSA) framework's timer ioctls leading to a
    use-after-free. A local attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2016-2546)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework's handling of high resolution timers did not properly
    manage its data structures. A local attacker could use this to cause a
    denial of service (system hang or crash) or possibly execute arbitrary
    code. (CVE-2016-2547, CVE-2016-2548)
    
    Dmitry Vyukov discovered that the Advanced Linux Sound Architecture
    (ALSA) framework's handling of high resolution timers could lead to a
    deadlock condition. A local attacker could use this to cause a denial
    of service (system hang). (CVE-2016-2549)
    
    Ralf Spenneberg discovered that the USB driver for Treo devices in the
    Linux kernel did not properly sanity check the endpoints reported by
    the device. An attacker with physical access could cause a denial of
    service (system crash). (CVE-2016-2782)
    
    It was discovered that the Linux kernel did not enforce limits on the
    amount of data allocated to buffer pipes. A local attacker could use
    this to cause a denial of service (resource exhaustion).
    (CVE-2016-2847).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2967-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4312", "CVE-2015-1805", "CVE-2015-7515", "CVE-2015-7566", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-0774", "CVE-2016-0821", "CVE-2016-2069", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2967-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-generic-pae", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-highbank", pkgver:"3.2.0-102.142")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-102-virtual", pkgver:"3.2.0-102.142")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1533.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124986
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124986
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124986);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-4515",
        "CVE-2013-6378",
        "CVE-2014-0196",
        "CVE-2014-3673",
        "CVE-2014-3690",
        "CVE-2014-9715",
        "CVE-2014-9731",
        "CVE-2015-2672",
        "CVE-2015-6937",
        "CVE-2015-7613",
        "CVE-2015-8844",
        "CVE-2016-0821",
        "CVE-2016-2066",
        "CVE-2016-6156",
        "CVE-2017-1000251",
        "CVE-2017-18200",
        "CVE-2017-2671",
        "CVE-2018-10883",
        "CVE-2018-15594",
        "CVE-2018-5344"
      );
      script_bugtraq_id(
        63518,
        63886,
        67199,
        67282,
        70691,
        70883,
        73953,
        75001
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An integer overflow flaw was found in the way the Linux
        kernel's netfilter connection tracking implementation
        loaded extensions. An attacker on a local network could
        potentially send a sequence of specially crafted
        packets that would initiate the loading of a large
        number of extensions, causing the targeted system in
        that network to crash.(CVE-2014-9715i1/4%0
    
      - A flaw was found in the Linux kernel which could cause
        a kernel panic when restoring machine specific
        registers on the PowerPC platform. Incorrect
        transactional memory state registers could
        inadvertently change the call path on return from
        userspace and cause the kernel to enter an unknown
        state and crash.(CVE-2015-8844i1/4%0
    
      - A timing flaw was found in the Chrome EC driver in the
        Linux kernel. An attacker could abuse timing to skip
        validation checks to copy additional data from
        userspace possibly increasing privilege or crashing the
        system.(CVE-2016-6156i1/4%0
    
      - A race condition flaw was found in the way the Linux
        kernel's IPC subsystem initialized certain fields in an
        IPC object structure that were later used for
        permission checking before inserting the object into a
        globally visible list. A local, unprivileged user could
        potentially use this flaw to elevate their privileges
        on the system.(CVE-2015-7613i1/4%0
    
      - A path length checking flaw was found in Linux kernels
        built with UDF file system (CONFIG_UDF_FS) support. An
        attacker able to mount a corrupted/malicious UDF file
        system image could use this flaw to leak kernel memory
        to user-space.(CVE-2014-9731i1/4%0
    
      - A race condition leading to a NULL pointer dereference
        was found in the Linux kernel's Link Layer Control
        implementation. A local attacker with access to ping
        sockets could use this flaw to crash the
        system.(CVE-2017-2671i1/4%0
    
      - The f2fs implementation in the Linux kernel, before
        4.14, mishandles reference counts associated with
        f2fs_wait_discard_bios calls. This allows local users
        to cause a denial of service (BUG), as demonstrated by
        fstrim.(CVE-2017-18200i1/4%0
    
      - The LIST_POISON feature in include/linux/poison.h in
        the Linux kernel before 4.3, as used in Android 6.0.1
        before 2016-03-01, does not properly consider the
        relationship to the mmap_min_addr value, which makes it
        easier for attackers to bypass a poison-pointer
        protection mechanism by triggering the use of an
        uninitialized list entry, aka Android internal bug
        26186802, a different vulnerability than
        CVE-2015-3636.(CVE-2016-0821i1/4%0
    
      - The xsave/xrstor implementation in
        arch/x86/include/asm/xsave.h in the Linux kernel before
        3.19.2 creates certain .altinstr_replacement pointers
        and consequently does not provide any protection
        against instruction faulting, which allows local users
        to cause a denial of service (panic) by triggering a
        fault, as demonstrated by an unaligned memory operand
        or a non-canonical address memory
        operand.(CVE-2015-2672i1/4%0
    
      - The n_tty_write function in drivers/tty/n_tty.c in the
        Linux kernel through 3.14.3 does not properly manage
        tty driver access in the 'LECHO i1/4+ !OPOST' case, which
        allows local users to cause a denial of service (memory
        corruption and system crash) or gain privileges by
        triggering a race condition involving read and write
        operations with long strings.(CVE-2014-0196i1/4%0
    
      - In the Linux kernel through 4.14.13,
        drivers/block/loop.c mishandles lo_release
        serialization, which allows attackers to cause a denial
        of service (__lock_acquire use-after-free) or possibly
        have unspecified other impact.(CVE-2018-5344i1/4%0
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation.(CVE-2013-6378i1/4%0
    
      - A NULL-pointer dereference vulnerability was discovered
        in the Linux kernel. The kernel's Reliable Datagram
        Sockets (RDS) protocol implementation did not verify
        that an underlying transport existed before creating a
        connection to a remote server. A local system user
        could exploit this flaw to crash the system by creating
        sockets at specific times to trigger a NULL pointer
        dereference.(CVE-2015-6937i1/4%0
    
      - A stack buffer overflow flaw was found in the way the
        Bluetooth subsystem of the Linux kernel processed
        pending L2CAP configuration responses from a client. On
        systems with the stack protection feature enabled in
        the kernel (CONFIG_CC_STACKPROTECTOR=y, which is
        enabled on all architectures other than s390x and
        ppc64le), an unauthenticated attacker able to initiate
        a connection to a system via Bluetooth could use this
        flaw to crash the system. Due to the nature of the
        stack protection feature, code execution cannot be
        fully ruled out, although we believe it is unlikely. On
        systems without the stack protection feature (ppc64le
        the Bluetooth modules are not built on s390x), an
        unauthenticated attacker able to initiate a connection
        to a system via Bluetooth could use this flaw to
        remotely execute arbitrary code on the system with ring
        0 (kernel) privileges.(CVE-2017-1000251i1/4%0
    
      - Integer signedness error in the MSM QDSP6 audio driver
        for the Linux kernel 3.x, as used in Qualcomm
        Innovation Center (QuIC) Android contributions for MSM
        devices and other products, allows attackers to gain
        privileges or cause a denial of service (memory
        corruption) via a crafted application that makes an
        ioctl call.(CVE-2016-2066i1/4%0
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel
        before 3.12 does not initialize a certain data
        structure, which allows local users to obtain sensitive
        information from kernel memory via an
        IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
        call.(CVE-2013-4515i1/4%0
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled malformed Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3673i1/4%0
    
      - It was found that paravirt_patch_call/jump() functions
        in the arch/x86/kernel/paravirt.c in the Linux kernel
        mishandles certain indirect calls, which makes it
        easier for attackers to conduct Spectre-v2 attacks
        against paravirtualized guests.(CVE-2018-15594i1/4%0
    
      - It was found that the Linux kernel's KVM implementation
        did not ensure that the host CR4 control register value
        remained unchanged across VM entries on the same
        virtual CPU. A local, unprivileged user could use this
        flaw to cause a denial of service on the
        system.(CVE-2014-3690i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.(CVE-2018-10883i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1533
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6ad58ff");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1491.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124815
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124815
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1491)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124815);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2016-0728",
        "CVE-2016-0758",
        "CVE-2016-0821",
        "CVE-2016-0823",
        "CVE-2016-10044",
        "CVE-2016-10088",
        "CVE-2016-10200",
        "CVE-2016-10208",
        "CVE-2016-10229",
        "CVE-2016-1575",
        "CVE-2016-1576",
        "CVE-2016-2053",
        "CVE-2016-2069",
        "CVE-2016-2070",
        "CVE-2016-2117",
        "CVE-2016-2184",
        "CVE-2016-2185",
        "CVE-2016-2186",
        "CVE-2016-2187",
        "CVE-2016-2188",
        "CVE-2016-2384",
        "CVE-2016-2543",
        "CVE-2016-2544"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1491)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A use-after-free flaw was found in the way the Linux
        kernel's key management subsystem handled keyring
        object reference counting in certain error path of the
        join_session_keyring() function. A local, unprivileged
        user could use this flaw to escalate their privileges
        on the system.(CVE-2016-0728)
    
      - A flaw was found in the way the Linux kernel's ASN.1
        DER decoder processed certain certificate files with
        tags of indefinite length. A local, unprivileged user
        could use a specially crafted X.509 certificate DER
        file to crash the system or, potentially, escalate
        their privileges on the system.(CVE-2016-0758)
    
      - The LIST_POISON feature in include/linux/poison.h in
        the Linux kernel before 4.3, as used in Android 6.0.1
        before 2016-03-01, does not properly consider the
        relationship to the mmap_min_addr value, which makes it
        easier for attackers to bypass a poison-pointer
        protection mechanism by triggering the use of an
        uninitialized list entry, aka Android internal bug
        26186802, a different vulnerability than
        CVE-2015-3636.(CVE-2016-0821)
    
      - The pagemap_open function in fs/proc/task_mmu.c in the
        Linux kernel before 3.19.3, as used in Android 6.0.1
        before 2016-03-01, allows local users to obtain
        sensitive physical-address information by reading a
        pagemap file, aka Android internal bug
        25739721.(CVE-2016-0823)
    
      - The aio_mount function in fs/aio.c in the Linux kernel
        does not properly restrict execute access, which makes
        it easier for local users to bypass intended SELinux
        W^X policy restrictions.(CVE-2016-10044)
    
      - It was found that the fix for CVE-2016-9576 was
        incomplete: the Linux kernel's sg implementation did
        not properly restrict write operations in situations
        where the KERNEL_DS option is set. A local attacker to
        read or write to arbitrary kernel memory locations or
        cause a denial of service (use-after-free) by
        leveraging write access to a /dev/sg
        device.(CVE-2016-10088)
    
      - A use-after-free flaw was found in the Linux kernel
        which enables a race condition in the L2TPv3 IP
        Encapsulation feature. A local user could use this flaw
        to escalate their privileges or crash the
        system.(CVE-2016-10200)
    
      - Mounting a crafted EXT4 image read-only leads to an
        attacker controlled memory corruption and
        SLAB-Out-of-Bounds reads.(CVE-2016-10208)
    
      - The Linux kernel allows remote attackers to execute
        arbitrary code via UDP traffic that triggers an unsafe
        second checksum calculation during execution of a recv
        system call with the MSG_PEEK flag. This may create a
        kernel panic or memory corruption leading to privilege
        escalation.(CVE-2016-10229)
    
      - The overlayfs implementation in the Linux kernel
        through 4.5.2 does not properly maintain POSIX ACL
        xattr data, which allows local users to gain privileges
        by leveraging a group-writable setgid
        directory.(CVE-2016-1575)
    
      - The overlayfs implementation in the Linux kernel
        through 4.5.2 does not properly restrict the mount
        namespace, which allows local users to gain privileges
        by mounting an overlayfs filesystem on top of a FUSE
        filesystem, and then executing a crafted setuid
        program.(CVE-2016-1576)
    
      - A syntax vulnerability was discovered in the kernel's
        ASN1.1 DER decoder, which could lead to memory
        corruption or a complete local denial of service
        through x509 certificate DER files. A local system user
        could use a specially created key file to trigger
        BUG_ON() in the public_key_verify_signature() function
        (crypto/asymmetric_keys/public_key.c), to cause a
        kernel panic and crash the system.(CVE-2016-2053)
    
      - A flaw was discovered in the way the Linux kernel dealt
        with paging structures. When the kernel invalidated a
        paging structure that was not in use locally, it could,
        in principle, race against another CPU that is
        switching to a process that uses the paging structure
        in question. A local user could use a thread running
        with a stale cached virtual-i1/4zphysical translation to
        potentially escalate their privileges if the
        translation in question were writable and the physical
        page got reused for something critical (for example, a
        page table).(CVE-2016-2069)
    
      - A divide-by-zero vulnerability was found in a way the
        kernel processes TCP connections. The error can occur
        if a connection starts another cwnd reduction phase by
        setting tp-i1/4zprior_cwnd to the current cwnd (0) in
        tcp_init_cwnd_reduction(). A remote, unauthenticated
        attacker could use this flaw to crash the kernel
        (denial of service).(CVE-2016-2070)
    
      - It was discovered that the atl2_probe() function in the
        Atheros L2 Ethernet driver in the Linux kernel
        incorrectly enabled scatter/gather I/O. A remote
        attacker could use this flaw to obtain potentially
        sensitive information from the kernel
        memory.(CVE-2016-2117)
    
      - The create_fixed_stream_quirk function in
        sound/usb/quirks.c in the snd-usb-audio driver in the
        Linux kernel before 4.5.1 allows physically proximate
        attackers to cause a denial of service (NULL pointer
        dereference or double free, and system crash) via a
        crafted endpoints value in a USB device
        descriptor.(CVE-2016-2184)
    
      - The ati_remote2_probe function in
        drivers/input/misc/ati_remote2.c in the Linux kernel
        before 4.5.1 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a crafted endpoints value in a USB
        device descriptor.(CVE-2016-2185)
    
      - The powermate_probe function in
        drivers/input/misc/powermate.c in the Linux kernel
        before 4.5.1 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a crafted endpoints value in a USB
        device descriptor.(CVE-2016-2186)
    
      - The gtco_probe function in drivers/input/tablet/gtco.c
        in the Linux kernel through 4.5.2 allows physically
        proximate attackers to cause a denial of service (NULL
        pointer dereference and system crash) via a crafted
        endpoints value in a USB device
        descriptor.(CVE-2016-2187)
    
      - The iowarrior_probe function in
        drivers/usb/misc/iowarrior.c in the Linux kernel before
        4.5.1 allows physically proximate attackers to cause a
        denial of service (NULL pointer dereference and system
        crash) via a crafted endpoints value in a USB device
        descriptor.(CVE-2016-2188)
    
      - A flaw was found in the USB-MIDI Linux kernel driver: a
        double-free error could be triggered for the 'umidi'
        object. An attacker with physical access to the system
        could use this flaw to escalate their
        privileges.(CVE-2016-2384)
    
      - The snd_seq_ioctl_remove_events function in
        sound/core/seq/seq_clientmgr.c in the Linux kernel
        before 4.4.1 does not verify FIFO assignment before
        proceeding with FIFO clearing, which allows local users
        to cause a denial of service (NULL pointer dereference
        and OOPS) via a crafted ioctl call.(CVE-2016-2543)
    
      - Race condition in the queue_delete function in
        sound/core/seq/seq_queue.c in the Linux kernel before
        4.4.1 allows local users to cause a denial of service
        (use-after-free and system crash) by making an ioctl
        call at a certain time.(CVE-2016-2544)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1491
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2d818220");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2969-1.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91090
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91090
    titleUbuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2969-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3607.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash). - CVE-2016-0821 Solar Designer noted that the list
    last seen2020-06-01
    modified2020-06-02
    plugin id91886
    published2016-06-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91886
    titleDebian DSA-3607-1 : linux - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2971-2.NASL
    descriptionUSN-2971-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 15.10 for Ubuntu 14.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91093
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91093
    titleUbuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2971-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2970-1.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91091
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91091
    titleUbuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2970-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-516.NASL
    descriptionThis update fixes the CVEs described below. CVE-2016-0821 Solar Designer noted that the list
    last seen2020-03-17
    modified2016-06-20
    plugin id91687
    published2016-06-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91687
    titleDebian DLA-516-1 : linux security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2968-1.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91088
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91088
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2968-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2968-2.NASL
    descriptionUSN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Ben Hawkes discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91089
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91089
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2968-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2971-3.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91094
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91094
    titleUbuntu 15.10 : linux-raspi2 vulnerabilities (USN-2971-3)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2971-1.NASL
    descriptionRalf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7515) Zach Riggle discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91092
    published2016-05-12
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91092
    titleUbuntu 15.10 : linux vulnerabilities (USN-2971-1)