CVE-2016-10905 - Use After Free vulnerability in Linux Kernel

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, linux, CWE-416, nessus

Summary

An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.

Vulnerable Configurations

Part  Description  Count
OS    Linux        3522

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1930.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10905 A race condition was discovered in the GFS2 file-system implementation, which could lead to a use-after-free. On a system using GFS2, a local attacker could use this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-9506 Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129361
    published: 2019-09-26
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129361
    title: Debian DLA-1930-1 : linux security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1930-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129361);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/23");
    
      script_cve_id("CVE-2016-10905", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-0136", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-15926", "CVE-2019-9506");
    
      script_name(english:"Debian DLA-1930-1 : linux security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2016-10905
    
    A race condition was discovered in the GFS2 file-system
    implementation, which could lead to a use-after-free. On a system
    using GFS2, a local attacker could use this for denial of service
    (memory corruption or crash) or possibly for privilege escalation.
    
    CVE-2018-20976
    
    It was discovered that the XFS file-system implementation did not
    correctly handle some mount failure conditions, which could lead to a
    use-after-free. The security impact of this is unclear.
    
    CVE-2018-21008
    
    It was discovered that the rsi wifi driver did not correctly handle
    some failure conditions, which could lead to a use-after-free. The
    security impact of this is unclear.
    
    CVE-2019-0136
    
    It was discovered that the wifi soft-MAC implementation (mac80211) did
    not properly authenticate Tunneled Direct Link Setup (TDLS) messages.
    A nearby attacker could use this for denial of service (loss of wifi
    connectivity).
    
    CVE-2019-9506
    
    Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
    discovered a weakness in the Bluetooth pairing protocols, dubbed the
    'KNOB attack'. An attacker that is nearby during pairing could use
    this to weaken the encryption used between the paired devices, and
    then to eavesdrop on and/or spoof communication between them.
    
    This update mitigates the attack by requiring a minimum
    encryption key length of 56 bits.
    
    CVE-2019-14814, CVE-2019-14815, CVE-2019-14816
    
    Multiple bugs were discovered in the mwifiex wifi driver, which could
    lead to heap buffer overflows. A local user permitted to configure a
    device handled by this driver could probably use this for privilege
    escalation.
    
    CVE-2019-14821
    
    Matt Delco reported a race condition in KVM's coalesced MMIO facility,
    which could lead to out-of-bounds access in the kernel. A local
    attacker permitted to access /dev/kvm could use this to cause a denial
    of service (memory corruption or crash) or possibly for privilege
    escalation.
    
    CVE-2019-14835
    
    Peter Pi of Tencent Blade Team discovered a missing bounds check in
    vhost_net, the network back-end driver for KVM hosts, leading to a
    buffer overflow when the host begins live migration of a VM. An
    attacker in control of a VM could use this to cause a denial of
    service (memory corruption or crash) or possibly for privilege
    escalation on the host.
    
    CVE-2019-15117
    
    Hui Peng and Mathias Payer reported a missing bounds check in the
    usb-audio driver's descriptor parsing code, leading to a buffer
    over-read. An attacker able to add USB devices could possibly use this
    to cause a denial of service (crash).
    
    CVE-2019-15118
    
    Hui Peng and Mathias Payer reported unbounded recursion in the
    usb-audio driver's descriptor parsing code, leading to a stack
    overflow. An attacker able to add USB devices could use this to cause
    a denial of service (memory corruption or crash) or possibly for
    privilege escalation.
    
    CVE-2019-15211
    
    The syzkaller tool found a bug in the radio-raremono driver that could
    lead to a use-after-free. An attacker able to add and remove USB
    devices could use this to cause a denial of service (memory corruption
    or crash) or possibly for privilege escalation.
    
    CVE-2019-15212
    
    The syzkaller tool found that the rio500 driver does not work
    correctly if more than one device is bound to it. An attacker able to
    add USB devices could use this to cause a denial of service (memory
    corruption or crash) or possibly for privilege escalation.
    
    CVE-2019-15215
    
    The syzkaller tool found a bug in the cpia2_usb driver that leads to a
    use-after-free. An attacker able to add and remove USB devices could
    use this to cause a denial of service (memory corruption or crash) or
    possibly for privilege escalation.
    
    CVE-2019-15218
    
    The syzkaller tool found that the smsusb driver did not validate that
    USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use
    this to cause a denial of service (BUG/oops).
    
    CVE-2019-15219
    
    The syzkaller tool found that a device initialisation error in the
    sisusbvga driver could lead to a NULL pointer dereference. An attacker
    able to add USB devices could use this to cause a denial of service
    (BUG/oops).
    
    CVE-2019-15220
    
    The syzkaller tool found a race condition in the p54usb driver which
    could lead to a use-after-free. An attacker able to add and remove USB
    devices could use this to cause a denial of service (memory corruption
    or crash) or possibly for privilege escalation.
    
    CVE-2019-15221
    
    The syzkaller tool found that the line6 driver did not validate USB
    devices' maximum packet sizes, which could lead to a heap buffer
    overrun. An attacker able to add USB devices could use this to cause a
    denial of service (memory corruption or crash) or possibly for
    privilege escalation.
    
    CVE-2019-15292
    
    The Hulk Robot tool found missing error checks in the Appletalk
    protocol implementation, which could lead to a use-after-free. The
    security impact of this is unclear.
    
    CVE-2019-15807
    
    Jian Luo reported that the Serial Attached SCSI library (libsas) did
    not correctly handle failure to discover devices beyond a SAS
    expander. This could lead to a resource leak and crash (BUG). The
    security impact of this is unclear.
    
    CVE-2019-15917
    
    The syzkaller tool found a race condition in code supporting
    UART-attached Bluetooth adapters, which could lead to a use-
    after-free. A local user with access to a pty device or other suitable
    tty device could use this to cause a denial of service (memory
    corruption or crash) or possibly for privilege escalation.
    
    CVE-2019-15926
    
    It was found that the ath6kl wifi driver did not consistently validate
    traffic class numbers in received control packets, leading to
    out-of-bounds memory accesses. A nearby attacker on the same wifi
    network could use this to cause a denial of service (memory corruption
    or crash) or possibly for privilege escalation.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    3.16.74-1.
    
    We recommend that you upgrade your linux packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/linux"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-3.16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-3.16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-3.16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-arm", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-x86", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-x86", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-doc-3.16", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-586", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-686-pae", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-amd64", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armel", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armhf", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-i386", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp-lpae", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-common", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-ixp4xx", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-kirkwood", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-orion5x", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-versatile", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-586", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae-dbg", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64-dbg", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp-lpae", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-ixp4xx", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-kirkwood", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-orion5x", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-versatile", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-libc-dev", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-manual-3.16", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-source-3.16", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-support-3.16.0-9", reference:"3.16.74-1")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-linux-system-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4145-1.NASL
    description: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that the IPv6 implementation in the Linux kernel did not properly validate socket options in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18509) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129491
    published: 2019-10-01
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129491
    title: Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4145-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4145-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129491);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/23");
    
      script_cve_id("CVE-2016-10905", "CVE-2017-18509", "CVE-2018-20961", "CVE-2018-20976", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-11487", "CVE-2019-13631", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-15926");
      script_xref(name:"USN", value:"4145-1");
    
      script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4145-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that a race condition existed in the GFS2 file
    system in the Linux kernel. A local attacker could possibly use this
    to cause a denial of service (system crash). (CVE-2016-10905)
    
    It was discovered that the IPv6 implementation in the Linux kernel did
    not properly validate socket options in some situations. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-18509)
    
    It was discovered that the USB gadget Midi driver in the Linux kernel
    contained a double-free vulnerability when handling certain error
    conditions. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2018-20961)
    
    It was discovered that the XFS file system in the Linux kernel did not
    properly handle mount failures in some situations. A local attacker
    could possibly use this to cause a denial of service (system crash) or
    execute arbitrary code. (CVE-2018-20976)
    
    It was discovered that the Intel Wi-Fi device driver in the Linux
    kernel did not properly validate certain Tunneled Direct Link Setup
    (TDLS). A physically proximate attacker could use this to cause a
    denial of service (Wi-Fi disconnect). (CVE-2019-0136)
    
    It was discovered that the Bluetooth UART implementation in the Linux
    kernel did not properly check for missing tty operations. A local
    attacker could use this to cause a denial of service. (CVE-2019-10207)
    
    It was discovered that an integer overflow existed in the Linux kernel
    when reference counting pages, leading to potential use-after-free
    issues. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-11487)
    
    It was discovered that the GTCO tablet input driver in the Linux
    kernel did not properly bounds check the initial HID report sent by
    the device. A physically proximate attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-13631)
    
    It was discovered that the Raremono AM/FM/SW radio device driver in
    the Linux kernel did not properly allocate memory, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service or possibly execute arbitrary code.
    (CVE-2019-15211)
    
    It was discovered that a race condition existed in the CPiA2
    video4linux device driver for the Linux kernel, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15215)
    
    It was discovered that the Atheros mobile chipset driver in the Linux
    kernel did not properly validate data in some situations. An attacker
    could use this to cause a denial of service (system crash).
    (CVE-2019-15926).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4145-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-10905", "CVE-2017-18509", "CVE-2018-20961", "CVE-2018-20976", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-11487", "CVE-2019-13631", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-15926");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4145-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1059-kvm", pkgver:"4.4.0-1059.66")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1095-aws", pkgver:"4.4.0-1095.106")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1123-raspi2", pkgver:"4.4.0-1123.132")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1127-snapdragon", pkgver:"4.4.0-1127.135")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-generic", pkgver:"4.4.0-165.193")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-generic-lpae", pkgver:"4.4.0-165.193")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-lowlatency", pkgver:"4.4.0-165.193")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1095.99")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.165.173")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.165.173")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1059.59")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.165.173")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1123.123")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1127.119")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual", pkgver:"4.4.0.165.173")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132499
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132499
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0266. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132499);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id(
        "CVE-2011-1079",
        "CVE-2016-10905",
        "CVE-2017-18550",
        "CVE-2017-18595",
        "CVE-2018-7191",
        "CVE-2018-12207",
        "CVE-2018-20836",
        "CVE-2018-20855",
        "CVE-2018-20976",
        "CVE-2019-0154",
        "CVE-2019-0155",
        "CVE-2019-3874",
        "CVE-2019-11135",
        "CVE-2019-11487",
        "CVE-2019-11884",
        "CVE-2019-12382",
        "CVE-2019-15213",
        "CVE-2019-15538",
        "CVE-2019-15807",
        "CVE-2019-15916",
        "CVE-2019-16413",
        "CVE-2019-17075"
      );
      script_bugtraq_id(
        46616,
        107488,
        108054,
        108196,
        108299,
        108380,
        108474
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected
    by multiple vulnerabilities:
    
      - The bnep_sock_ioctl function in
        net/bluetooth/bnep/sock.c in the Linux kernel before
        2.6.39 does not ensure that a certain device field ends
        with a '\0' character, which allows local users to
        obtain potentially sensitive information from kernel
        stack memory, or cause a denial of service (BUG and
        system crash), via a BNEPCONNADD command.
        (CVE-2011-1079)
    
      - An issue was discovered in fs/gfs2/rgrp.c in the Linux
        kernel before 4.8. A use-after-free is caused by the
        functions gfs2_clear_rgrpd and read_rindex_entry.
        (CVE-2016-10905)
    
      - An issue was discovered in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        before 4.13. There is potential exposure of kernel stack
        memory because aac_get_hba_info does not initialize the
        hbainfo structure. (CVE-2017-18550)
    
      - An issue was discovered in the Linux kernel before
        4.14.11. A double free may be caused by the function
        allocate_trace_buffer in the file kernel/trace/trace.c.
        (CVE-2017-18595)
    
      - Improper invalidation for page table updates by a
        virtual guest operating system for multiple Intel(R)
        Processors may allow an authenticated user to
        potentially enable denial of service of the host system
        via local access. (CVE-2018-12207)
    
      - An issue was discovered in the Linux kernel before 4.20.
        There is a race condition in smp_task_timedout() and
        smp_task_done() in drivers/scsi/libsas/sas_expander.c,
        leading to a use-after-free. (CVE-2018-20836)
    
      - An issue was discovered in the Linux kernel before
        4.18.7. In create_qp_common in
        drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp
        was never initialized, resulting in a leak of stack
        memory to userspace. (CVE-2018-20855)
    
      - An issue was discovered in fs/xfs/xfs_super.c in the
        Linux kernel before 4.18. A use after free exists,
        related to xfs_fs_fill_super failure. (CVE-2018-20976)
    
      - In the tun subsystem in the Linux kernel before 4.13.14,
        dev_get_valid_name is not called before
        register_netdevice. This allows local users to cause a
        denial of service (NULL pointer dereference and panic)
        via an ioctl(TUNSETIFF) call with a dev name containing
        a / character. This is similar to CVE-2013-4343.
        (CVE-2018-7191)
    
      - Insufficient access control in subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100
        Processor Families may allow an authenticated user to
        potentially enable denial of service via local access.
        (CVE-2019-0154)
    
      - Insufficient access control in a subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and
        E-2200 Processor Families; Intel(R) Graphics Driver for
        Windows before 26.20.100.6813 (DCH) or 26.20.100.6812
        and before 21.20.x.5077 (aka15.45.5077), i915 Linux
        Driver for Intel(R) Processor Graphics before versions
        5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may
        allow an authenticated user to potentially enable
        escalation of privilege via local access.
        (CVE-2019-0155)
    
      - TSX Asynchronous Abort condition on some CPUs utilizing
        speculative execution may allow an authenticated user to
        potentially enable information disclosure via a side
        channel with local access. (CVE-2019-11135)
    
      - The Linux kernel before 5.1-rc5 allows page->_refcount
        reference count overflow, with resultant use-after-free
        issues, if about 140 GiB of RAM exists. This is related
        to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
        include/linux/mm.h, include/linux/pipe_fs_i.h,
        kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
        occur with FUSE requests. (CVE-2019-11487)
    
      - The do_hidp_sock_ioctl function in
        net/bluetooth/hidp/sock.c in the Linux kernel before
        5.0.15 allows a local user to obtain potentially
        sensitive information from kernel stack memory via a
        HIDPCONNADD command, because a name field may not end
        with a '\0' character. (CVE-2019-11884)
    
      - ** DISPUTED ** An issue was discovered in
        drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c in the Linux kernel
        through 5.1.5. There is an unchecked kstrdup of fwstr,
        which might allow an attacker to cause a denial of
        service (NULL pointer dereference and system crash).
        NOTE: The vendor disputes this issues as not being a
        vulnerability because kstrdup() returning NULL is
        handled sufficiently and there is no chance for a NULL
        pointer dereference. (CVE-2019-12382)
    
      - An issue was discovered in the Linux kernel before
        5.2.3. There is a use-after-free caused by a malicious
        USB device in the drivers/media/usb/dvb-usb/dvb-usb-
        init.c driver. (CVE-2019-15213)
    
      - An issue was discovered in xfs_setattr_nonsize in
        fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS
        partially wedges when a chgrp fails on account of being
        out of disk quota. xfs_setattr_nonsize is failing to
        unlock the ILOCK after the xfs_qm_vop_chown_reserve call
        fails. This is primarily a local DoS attack vector, but
        it might result as well in remote DoS if the XFS
        filesystem is exported for instance via NFS.
        (CVE-2019-15538)
    
      - In the Linux kernel before 5.1.13, there is a memory
        leak in drivers/scsi/libsas/sas_expander.c when SAS
        expander discovery fails. This will cause a BUG and
        denial of service. (CVE-2019-15807)
    
      - An issue was discovered in the Linux kernel before
        5.0.1. There is a memory leak in
        register_queue_kobjects() in net/core/net-sysfs.c, which
        will cause denial of service. (CVE-2019-15916)
    
      - An issue was discovered in the Linux kernel before
        5.0.4. The 9p filesystem did not protect i_size_write()
        properly, which causes an i_size_read() infinite loop
        and denial of service on SMP systems. (CVE-2019-16413)
    
      - An issue was discovered in write_tpt_entry in
        drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel
        through 5.3.2. The cxgb4 driver is directly calling
        dma_map_single (a DMA function) from a stack variable.
        This could allow an attacker to trigger a Denial of
        Service, exploitable if this driver is used on an
        architecture for which this stack/DMA interaction has
        security relevance. (CVE-2019-17075)
    
      - The SCTP socket buffer used by a userspace application
        is not accounted by the cgroups subsystem. An attacker
        can use this flaw to cause a denial of service attack.
        Kernel 3.10.x and 4.18.x branches are believed to be
        vulnerable. (CVE-2019-3874)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0266");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20836");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1"
      ],
      "CGSL MAIN 5.04": [
        "kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2019-1_0-0251_LINUX.NASL
    description: An update of the linux package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129293
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129293
    title: Photon OS 1.0: Linux PHSA-2019-1.0-0251
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132490
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132490
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2019-311-01.NASL
    description: New kernel packages are available for Slackware 14.2 to fix security issues.
    last seen: 2020-03-17
    modified: 2019-11-08
    plugin id: 130751
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130751
    title: Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)