Vulnerabilities > CVE-2017-12188 - Unspecified vulnerability in Linux Kernel

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
high complexity
linux
nessus

Summary

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."

Vulnerable Configurations

Part Description Count
OS
Linux
201

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-0395.NASL
    descriptionFrom Red Hat Security Advisory 2018:0395 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/3368501. Security Fix(es) : * Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important) * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107203
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107203
    titleOracle Linux 7 : kernel (ELSA-2018-0395)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:0395 and 
    # Oracle Linux Security Advisory ELSA-2018-0395 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(107203);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2017-12188", "CVE-2017-7518");
      script_xref(name:"RHSA", value:"2018:0395");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2018-0395)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:0395 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated kernel packages include several security issues and
    numerous bug fixes, some of which you can see below. Space precludes
    documenting all of these bug fixes in this advisory. To see the
    complete list of bug fixes, users are directed to the related
    Knowledge Article: https://access.redhat.com/articles/3368501.
    
    Security Fix(es) :
    
    * Kernel: KVM: MMU potential stack buffer overrun during page walks
    (CVE-2017-12188, Important)
    
    * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,
    Moderate)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-March/007562.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-12188", "CVE-2017-7518");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2018-0395");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-693.21.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-693.21.1.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0043.NASL
    descriptionAn update of [linux] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111892
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111892
    titlePhoton OS 2.0: Linux PHSA-2017-0043 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0043. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111892);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-12188",
        "CVE-2017-15265",
        "CVE-2017-15649",
        "CVE-2017-15951"
      );
    
      script_name(english:"Photon OS 2.0: Linux PHSA-2017-0043 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [linux] packages for PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-2-1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a9a12a31");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15951");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "linux-4.9.60-1.ph2",
      "linux-api-headers-4.9.60-1.ph2",
      "linux-debuginfo-4.9.60-1.ph2",
      "linux-devel-4.9.60-1.ph2",
      "linux-docs-4.9.60-1.ph2",
      "linux-drivers-gpu-4.9.60-1.ph2",
      "linux-esx-4.9.60-1.ph2",
      "linux-esx-debuginfo-4.9.60-1.ph2",
      "linux-esx-devel-4.9.60-1.ph2",
      "linux-esx-docs-4.9.60-1.ph2",
      "linux-oprofile-4.9.60-1.ph2",
      "linux-secure-4.9.60-1.ph2",
      "linux-secure-debuginfo-4.9.60-1.ph2",
      "linux-secure-devel-4.9.60-1.ph2",
      "linux-secure-docs-4.9.60-1.ph2",
      "linux-sound-4.9.60-1.ph2",
      "linux-tools-4.9.60-1.ph2"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3484-1.NASL
    descriptionIt was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104714
    published2017-11-21
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104714
    titleUbuntu 17.04 : linux, linux-raspi2 vulnerability (USN-3484-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3484-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104714);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-12188");
      script_xref(name:"USN", value:"3484-1");
    
      script_name(english:"Ubuntu 17.04 : linux, linux-raspi2 vulnerability (USN-3484-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the KVM subsystem in the Linux kernel did not
    properly keep track of nested levels in guest page tables. A local
    attacker in a guest VM could use this to cause a denial of service
    (host OS crash) or possibly execute arbitrary code in the host OS.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3484-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 17.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-12188");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3484-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-4.10.0-1021-raspi2", pkgver:"4.10.0-1021.24")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-4.10.0-40-generic", pkgver:"4.10.0-40.44")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-4.10.0-40-generic-lpae", pkgver:"4.10.0-40.44")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-4.10.0-40-lowlatency", pkgver:"4.10.0-40.44")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-generic", pkgver:"4.10.0.40.40")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-generic-lpae", pkgver:"4.10.0.40.40")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-lowlatency", pkgver:"4.10.0.40.40")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"linux-image-raspi2", pkgver:"4.10.0.1021.22")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3487-1.NASL
    descriptionIt was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was discovered that on the PowerPC architecture, the kernel did not properly sanitize the signal stack when handling sigreturn(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-1000255) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). (CVE-2017-12154) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) Alexander Potapenko discovered an information leak in the waitid implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14954) It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task
    last seen2020-06-01
    modified2020-06-02
    plugin id104737
    published2017-11-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104737
    titleUbuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3487-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104737);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-1000255", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-14489", "CVE-2017-14954", "CVE-2017-15265", "CVE-2017-15537", "CVE-2017-15649", "CVE-2017-16525", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16530", "CVE-2017-16531", "CVE-2017-16533", "CVE-2017-16534");
      script_xref(name:"USN", value:"3487-1");
    
      script_name(english:"Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the KVM subsystem in the Linux kernel did not
    properly keep track of nested levels in guest page tables. A local
    attacker in a guest VM could use this to cause a denial of service
    (host OS crash) or possibly execute arbitrary code in the host OS.
    (CVE-2017-12188)
    
    It was discovered that on the PowerPC architecture, the kernel did not
    properly sanitize the signal stack when handling sigreturn(). A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-1000255)
    
    Bo Zhang discovered that the netlink wireless configuration interface
    in the Linux kernel did not properly validate attributes when handling
    certain requests. A local attacker with the CAP_NET_ADMIN could use
    this to cause a denial of service (system crash). (CVE-2017-12153)
    
    It was discovered that the nested KVM implementation in the Linux
    kernel in some situations did not properly prevent second level guests
    from reading and writing the hardware CR8 register. A local attacker
    in a guest could use this to cause a denial of service (system crash).
    (CVE-2017-12154)
    
    Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux
    kernel did not properly track reference counts when merging buffers. A
    local attacker could use this to cause a denial of service (memory
    exhaustion). (CVE-2017-12190)
    
    It was discovered that the key management subsystem in the Linux
    kernel did not properly restrict key reads on negatively instantiated
    keys. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2017-12192)
    
    It was discovered that the ATI Radeon framebuffer driver in the Linux
    kernel did not properly initialize a data structure returned to user
    space. A local attacker could use this to expose sensitive information
    (kernel memory). (CVE-2017-14156)
    
    ChunYu Wang discovered that the iSCSI transport implementation in the
    Linux kernel did not properly validate data structures. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-14489)
    
    Alexander Potapenko discovered an information leak in the waitid
    implementation of the Linux kernel. A local attacker could use this to
    expose sensitive information (kernel memory). (CVE-2017-14954)
    
    It was discovered that a race condition existed in the ALSA subsystem
    of the Linux kernel when creating and deleting a port via ioctl(). A
    local attacker could use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2017-15265)
    
    Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem
    in the Linux kernel did not properly handle attempts to set reserved
    bits in a task's extended state (xstate) area. A local attacker could
    use this to cause a denial of service (system crash). (CVE-2017-15537)
    
    It was discovered that a race condition existed in the packet fanout
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2017-15649)
    
    Andrey Konovalov discovered a use-after-free vulnerability in the USB
    serial console driver in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-16525)
    
    Andrey Konovalov discovered that the Ultra Wide Band driver in the
    Linux kernel did not properly check for an error condition. A
    physically proximate attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2017-16526)
    
    Andrey Konovalov discovered that the ALSA subsystem in the Linux
    kernel contained a use-after-free vulnerability. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2017-16527)
    
    Andrey Konovalov discovered that the ALSA subsystem in the Linux
    kernel did not properly validate USB audio buffer descriptors. A
    physically proximate attacker could use this cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2017-16529)
    
    Andrey Konovalov discovered that the USB unattached storage driver in
    the Linux kernel contained out-of-bounds error when handling
    alternative settings. A physically proximate attacker could use to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2017-16530)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate USB interface association descriptors. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2017-16531)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate USB HID descriptors. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-16533)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate CDC metadata. A physically proximate
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-16534).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3487-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-1000255", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-14489", "CVE-2017-14954", "CVE-2017-15265", "CVE-2017-15537", "CVE-2017-15649", "CVE-2017-16525", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16530", "CVE-2017-16531", "CVE-2017-16533", "CVE-2017-16534");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3487-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-4.13.0-1006-raspi2", pkgver:"4.13.0-1006.6")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-4.13.0-17-generic", pkgver:"4.13.0-17.20")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-4.13.0-17-generic-lpae", pkgver:"4.13.0-17.20")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-4.13.0-17-lowlatency", pkgver:"4.13.0-17.20")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-generic", pkgver:"4.13.0.17.18")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-generic-lpae", pkgver:"4.13.0.17.18")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-lowlatency", pkgver:"4.13.0.17.18")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"linux-image-raspi2", pkgver:"4.13.0.1006.4")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.13-generic / linux-image-4.13-generic-lpae / etc");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0014_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127165
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127165
    titleNewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0014)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0014. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127165);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id(
        "CVE-2015-8539",
        "CVE-2017-7472",
        "CVE-2017-7518",
        "CVE-2017-12188",
        "CVE-2017-12192",
        "CVE-2017-12193",
        "CVE-2017-15649"
      );
    
      script_name(english:"NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0014)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple
    vulnerabilities:
    
      - A flaw was found in the Linux kernel's key management
        system where it was possible for an attacker to escalate
        privileges or crash the machine. If a user key gets
        negatively instantiated, an error code is cached in the
        payload area. A negatively instantiated key may be then
        be positively instantiated by updating it with valid
        data. However, the ->update key type method must be
        aware that the error code may be there. (CVE-2015-8539)
    
      - A flaw was found in the way the Linux KVM module
        processed the trap flag(TF) bit in EFLAGS during
        emulation of the syscall instruction, which leads to a
        debug exception(#DB) being raised in the guest stack. A
        user/process inside a guest could use this flaw to
        potentially escalate their privileges inside the guest.
        Linux guests are not affected by this. (CVE-2017-7518)
    
      - A vulnerability was found in the Key Management sub
        component of the Linux kernel, where when trying to
        issue a KEYTCL_READ on a negative key would lead to a
        NULL pointer dereference. A local attacker could use
        this flaw to crash the kernel. (CVE-2017-12192)
    
      - The Linux kernel built with the KVM visualization
        support (CONFIG_KVM), with nested visualization(nVMX)
        feature enabled (nested=1), was vulnerable to a stack
        buffer overflow issue. The vulnerability could occur
        while traversing guest page table entries to resolve
        guest virtual address(gva). An L1 guest could use this
        flaw to crash the host kernel resulting in denial of
        service (DoS) or potentially execute arbitrary code on
        the host to gain privileges on the system.
        (CVE-2017-12188)
    
      - A flaw was found in the Linux kernel's implementation of
        associative arrays introduced in 3.13. This
        functionality was backported to the 3.10 kernels in Red
        Hat Enterprise Linux 7. The flaw involved a null pointer
        dereference in assoc_array_apply_edit() due to incorrect
        node-splitting in assoc_array implementation. This
        affects the keyring key type and thus key addition and
        link creation operations may cause the kernel to panic.
        (CVE-2017-12193)
    
      - It was found that fanout_add() in
        'net/packet/af_packet.c' in the Linux kernel, before
        version 4.13.6, allows local users to gain privileges
        via crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind) that
        leads to a use-after-free bug. (CVE-2017-15649)
    
      - A vulnerability was found in the Linux kernel where the
        keyctl_set_reqkey_keyring() function leaks the thread
        keyring. This allows an unprivileged local user to
        exhaust kernel memory and thus cause a DoS.
        (CVE-2017-7472)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0014");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8539");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 5.04": [
        "kernel-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-debug-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-devel-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-doc-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-headers-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-tools-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "perf-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "python-perf-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111",
        "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5u4.0.38.g13ce111"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0043_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121754
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121754
    titlePhoton OS 2.0: Linux PHSA-2017-0043
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0043. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121754);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id(
        "CVE-2017-12188",
        "CVE-2017-15265",
        "CVE-2017-15649",
        "CVE-2017-15951"
      );
    
      script_name(english:"Photon OS 2.0: Linux PHSA-2017-0043");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the linux package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-1.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15951");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-api-headers-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-debuginfo-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-devel-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-docs-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-drivers-gpu-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-esx-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-esx-debuginfo-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-esx-devel-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-esx-docs-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-oprofile-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-secure-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-secure-debuginfo-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-secure-devel-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-secure-docs-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-sound-4.9.60-1.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"linux-tools-4.9.60-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180306_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important) - Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)
    last seen2020-03-18
    modified2018-03-08
    plugin id107210
    published2018-03-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107210
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20180306)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(107210);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2017-12188", "CVE-2017-7518");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - Kernel: KVM: MMU potential stack buffer overrun during
        page walks (CVE-2017-12188, Important)
    
      - Kernel: KVM: debug exception via syscall emulation
        (CVE-2017-7518, Moderate)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=1085
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?84c84036"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-693.21.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1292.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299) - It was found that fanout_add() in
    last seen2020-05-06
    modified2017-12-01
    plugin id104911
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104911
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1292)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104911);
      script_version("3.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-12188",
        "CVE-2017-12192",
        "CVE-2017-15299",
        "CVE-2017-15649",
        "CVE-2017-16525",
        "CVE-2017-16526",
        "CVE-2017-16527",
        "CVE-2017-16528",
        "CVE-2017-16529",
        "CVE-2017-16530",
        "CVE-2017-16531",
        "CVE-2017-16532",
        "CVE-2017-16533",
        "CVE-2017-16534",
        "CVE-2017-16535",
        "CVE-2017-16536",
        "CVE-2017-16537",
        "CVE-2017-16538"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1292)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - A vulnerability was found in the key management
        subsystem of the Linux kernel. An update on an
        uninstantiated key could cause a kernel panic, leading
        to denial of service (DoS).(CVE-2017-15299)
    
      - It was found that fanout_add() in
        'net/packet/af_packet.c' in the Linux kernel, before
        version 4.13.6, allows local users to gain privileges
        via crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind)
        that leads to a use-after-free bug.(CVE-2017-15649)
    
      - The keyctl_read_key function in security/keys/keyctl.c
        in the Key Management subcomponent in the Linux kernel
        before 4.13.5 does not properly consider that a key may
        be possessed but negatively instantiated, which allows
        local users to cause a denial of service (OOPS and
        system crash) via a crafted KEYCTL_READ
        operation.(CVE-2017-12192)
    
      - The Linux kernel built with the KVM visualization
        support (CONFIG_KVM), with nested visualization(nVMX)
        feature enabled (nested=1), was vulnerable to a stack
        buffer overflow issue. The vulnerability could occur
        while traversing guest page table entries to resolve
        guest virtual address(gva). An L1 guest could use this
        flaw to crash the host kernel resulting in denial of
        service (DoS) or potentially execute arbitrary code on
        the host to gain privileges on the
        system.(CVE-2017-12188)
    
      - The imon_probe function in drivers/media/rc/imon.c in
        the Linux kernel through 4.13.11 allows local users to
        cause a denial of service (NULL pointer dereference and
        system crash) or possibly have unspecified other impact
        via a crafted USB device.(CVE-2017-16537)
    
      - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux
        kernel through 4.13.11 allows local users to cause a
        denial of service (general protection fault and system
        crash) or possibly have unspecified other impact via a
        crafted USB device, related to a missing warm-start
        check and incorrect attach timing
        (dm04_lme2510_frontend_attach versus
        dm04_lme2510_tuner).(CVE-2017-16538)
    
      - The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel through 4.13.11 allows local users to cause a
        denial of service (NULL pointer dereference and system
        crash) or possibly have unspecified other impact via a
        crafted USB device.(CVE-2017-16536)
    
      - The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel before
        4.13.10 allows local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB
        device.(CVE-2017-16535)
    
      - The cdc_parse_cdc_header function in
        drivers/usb/core/message.c in the Linux kernel before
        4.13.6 allows local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB
        device.(CVE-2017-16534)
    
      - The usbhid_parse function in
        drivers/hid/usbhid/hid-core.c in the Linux kernel
        before 4.13.8 allows local users to cause a denial of
        service (out-of-bounds read and system crash) or
        possibly have unspecified other impact via a crafted
        USB device.(CVE-2017-16533)
    
      - The get_endpoints function in
        drivers/usb/misc/usbtest.c in the Linux kernel through
        4.13.11 allows local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB
        device.(CVE-2017-16532)
    
      - drivers/usb/core/config.c in the Linux kernel before
        4.13.6 allows local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION
        descriptor.(CVE-2017-16531)
    
      - The uas driver in the Linux kernel before 4.13.6 allows
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device, related to
        drivers/usb/storage/uas-detect.h and
        drivers/usb/storage/uas.c.(CVE-2017-16530)
    
      - The snd_usb_create_streams function in sound/usb/card.c
        in the Linux kernel before 4.13.6 allows local users to
        cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device.(CVE-2017-16529)
    
      - sound/core/seq_device.c in the Linux kernel before
        4.13.4 allows local users to cause a denial of service
        (snd_rawmidi_dev_seq_free use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device.(CVE-2017-16528)
    
      - sound/usb/mixer.c in the Linux kernel before 4.13.8
        allows local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device.(CVE-2017-16527)
    
      - drivers/uwb/uwbd.c in the Linux kernel before 4.13.6
        allows local users to cause a denial of service
        (general protection fault and system crash) or possibly
        have unspecified other impact via a crafted USB
        device.(CVE-2017-16526)
    
      - The usb_serial_console_disconnect function in
        drivers/usb/serial/console.c in the Linux kernel before
        4.13.8 allows local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed
        setup.(CVE-2017-16525)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1292
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?88a509d0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-327.59.59.46.h33",
            "kernel-debug-3.10.0-327.59.59.46.h33",
            "kernel-debug-devel-3.10.0-327.59.59.46.h33",
            "kernel-debuginfo-3.10.0-327.59.59.46.h33",
            "kernel-debuginfo-common-x86_64-3.10.0-327.59.59.46.h33",
            "kernel-devel-3.10.0-327.59.59.46.h33",
            "kernel-headers-3.10.0-327.59.59.46.h33",
            "kernel-tools-3.10.0-327.59.59.46.h33",
            "kernel-tools-libs-3.10.0-327.59.59.46.h33",
            "perf-3.10.0-327.59.59.46.h33",
            "python-perf-3.10.0-327.59.59.46.h33"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-0395.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/3368501. Security Fix(es) : * Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important) * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107271
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107271
    titleCentOS 7 : kernel (CESA-2018:0395)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:0395 and 
    # CentOS Errata and Security Advisory 2018:0395 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(107271);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2017-12188", "CVE-2017-7518");
      script_xref(name:"RHSA", value:"2018:0395");
    
      script_name(english:"CentOS 7 : kernel (CESA-2018:0395)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    These updated kernel packages include several security issues and
    numerous bug fixes, some of which you can see below. Space precludes
    documenting all of these bug fixes in this advisory. To see the
    complete list of bug fixes, users are directed to the related
    Knowledge Article: https://access.redhat.com/articles/3368501.
    
    Security Fix(es) :
    
    * Kernel: KVM: MMU potential stack buffer overrun during page walks
    (CVE-2017-12188, Important)
    
    * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,
    Moderate)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      # https://lists.centos.org/pipermail/centos-announce/2018-March/022768.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?56379f33"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12188");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-693.21.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-693.21.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-098.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Linux kernel built with the KVM virtualisation support (CONFIG_KVM), with nested virtualisation (nVMX) feature enabled (nested=1), is vulnerable to a stack buffer overflow issue. It could occur while traversing guest pagetable entries to resolve guest virtual address. A guest system could use this flaw to crash the host kernel resulting in DoS, or potentially execute arbitrary code on the host. - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). - It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in
    last seen2020-06-01
    modified2020-06-02
    plugin id104132
    published2017-10-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104132
    titleVirtuozzo 7 : readykernel-patch (VZA-2017-098)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1498.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754) - A flaw was found in the Linux kernel
    last seen2020-06-12
    modified2019-05-13
    plugin id124821
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124821
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3484-3.NASL
    descriptionIt was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104734
    published2017-11-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104734
    titleUbuntu 16.04 LTS : linux-gcp vulnerability (USN-3484-3)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3488-1.NASL
    descriptionIt was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104738
    published2017-11-22
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104738
    titleUbuntu 16.04 LTS : linux-azure vulnerability (USN-3488-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3484-2.NASL
    descriptionUSN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id104715
    published2017-11-21
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104715
    titleUbuntu 16.04 LTS : linux-hwe vulnerability (USN-3484-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0395.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/3368501. Security Fix(es) : * Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important) * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id107186
    published2018-03-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107186
    titleRHEL 7 : kernel (RHSA-2018:0395)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0412.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important) * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate) Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ# 1537671)
    last seen2020-06-01
    modified2020-06-02
    plugin id107189
    published2018-03-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107189
    titleRHEL 7 : kernel-rt (RHSA-2018:0412)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1529.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7268i1/4%0 - The move_pages system call in mm/migrate.c in the Linux kernel doesn
    last seen2020-03-19
    modified2019-05-14
    plugin id124982
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124982
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1529)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1271.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun.(CVE-2017-12188) - A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel.(CVE-2017-12192) - security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.(CVE-2017-15274) - Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.(CVE-2017-1000111) - Use-after-free vulnerability in the Linux kernel before 4.14-rc5 allows local users to have unspecified impact via vectors related to /dev/snd/seq.(CVE-2017-15265) - net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.(CVE-2017-15649) - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.(CVE-2017-14991) - An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-11-01
    plugin id104296
    published2017-11-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104296
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1271)

Redhat

advisories
  • rhsa
    idRHSA-2018:0395
  • rhsa
    idRHSA-2018:0412
rpms
  • kernel-0:3.10.0-693.21.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.21.1.el7
  • kernel-bootwrapper-0:3.10.0-693.21.1.el7
  • kernel-debug-0:3.10.0-693.21.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.21.1.el7
  • kernel-debug-devel-0:3.10.0-693.21.1.el7
  • kernel-debuginfo-0:3.10.0-693.21.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.21.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.21.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.21.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.21.1.el7
  • kernel-devel-0:3.10.0-693.21.1.el7
  • kernel-doc-0:3.10.0-693.21.1.el7
  • kernel-headers-0:3.10.0-693.21.1.el7
  • kernel-kdump-0:3.10.0-693.21.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.21.1.el7
  • kernel-kdump-devel-0:3.10.0-693.21.1.el7
  • kernel-tools-0:3.10.0-693.21.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.21.1.el7
  • kernel-tools-libs-0:3.10.0-693.21.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.21.1.el7
  • perf-0:3.10.0-693.21.1.el7
  • perf-debuginfo-0:3.10.0-693.21.1.el7
  • python-perf-0:3.10.0-693.21.1.el7
  • python-perf-debuginfo-0:3.10.0-693.21.1.el7
  • kernel-rt-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debug-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debug-devel-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debuginfo-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-devel-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-doc-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-kvm-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-trace-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-trace-devel-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.21.1.rt56.639.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.21.1.rt56.639.el7