Vulnerabilities > CVE-2017-18550 - Information Exposure vulnerability in Linux Kernel

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
linux
CWE-200
nessus

Summary

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.

Vulnerable Configurations

Part Description Count
OS
Linux
3241

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1112.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.(CVE-2019-14901)A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)A memory leak in the ath10k_usb_hif_tx_sg() function in driverset/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the mlx5_fpga_conn_create_cq() function in driverset/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897)An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel
    last seen2020-05-06
    modified2020-02-24
    plugin id133913
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133913
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133913);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2014-3180",
        "CVE-2016-2085",
        "CVE-2017-18549",
        "CVE-2017-18550",
        "CVE-2018-12207",
        "CVE-2018-5995",
        "CVE-2018-7273",
        "CVE-2019-0155",
        "CVE-2019-11085",
        "CVE-2019-11135",
        "CVE-2019-14895",
        "CVE-2019-14896",
        "CVE-2019-14897",
        "CVE-2019-14901",
        "CVE-2019-18660",
        "CVE-2019-19045",
        "CVE-2019-19078",
        "CVE-2019-19227",
        "CVE-2019-19332",
        "CVE-2019-19447",
        "CVE-2019-19525",
        "CVE-2019-19534",
        "CVE-2019-19536",
        "CVE-2019-19768",
        "CVE-2019-19813",
        "CVE-2019-19922",
        "CVE-2019-19965",
        "CVE-2019-19966",
        "CVE-2019-20054",
        "CVE-2019-20095",
        "CVE-2019-5108",
        "CVE-2019-9458"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The kernel package contains the Linux kernel (vmlinuz),
        the core of any Linux operating system. The kernel
        handles the basic functions of the operating system:
        memory allocation, process allocation, device input and
        output, etc.Security Fix(es):** DISPUTED ** In
        kernel/compat.c in the Linux kernel before 3.17, as
        used in Google Chrome OS and other products, there is a
        possible out-of-bounds read. restart_syscall uses
        uninitialized data when restarting
        compat_sys_nanosleep. NOTE: this is disputed because
        the code path is unreachable.(CVE-2014-3180)A heap
        overflow flaw was found in the Linux kernel, all
        versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi
        chip driver. The vulnerability allows a remote attacker
        to cause a system crash, resulting in a denial of
        service, or execute arbitrary code. The highest threat
        with this vulnerability is with the availability of the
        system. If code execution occurs, the code will run
        with the permissions of root. This will affect both
        confidentiality and integrity of files on the
        system.(CVE-2019-14901)A heap-based buffer overflow
        vulnerability was found in the Linux kernel, version
        kernel-2.6.32, in Marvell WiFi chip driver. A remote
        attacker could cause a denial of service (system crash)
        or, possibly execute arbitrary code, when the
        lbs_ibss_join_existing function is called after a STA
        connects to an AP.(CVE-2019-14896)A memory leak in the
        ath10k_usb_hif_tx_sg() function in
        driverset/wireless/ath/ath10k/usb.c in the Linux kernel
        through 5.3.11 allows attackers to cause a denial of
        service (memory consumption) by triggering
        usb_submit_urb() failures, aka
        CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the
        mlx5_fpga_conn_create_cq() function in
        driverset/ethernet/mellanox/mlx5/core/fpga/conn.c in
        the Linux kernel before 5.3.11 allows attackers to
        cause a denial of service (memory consumption) by
        triggering mlx5_vector2eqn() failures, aka
        CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer
        overflow was found in the Linux kernel, version
        kernel-2.6.32, in Marvell WiFi chip driver. An attacker
        is able to cause a denial of service (system crash) or,
        possibly execute arbitrary code, when a STA works in
        IBSS mode (allows connecting stations together without
        the use of an AP) and connects to another
        STA.(CVE-2019-14897)An out-of-bounds memory write issue
        was found in the Linux Kernel, version 3.13 through
        5.4, in the way the Linux kernel's KVM hypervisor
        handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request
        to get CPUID features emulated by the KVM hypervisor. A
        user or process able to access the '/dev/kvm' device
        could use this flaw to crash the system, resulting in a
        denial of service.(CVE-2019-19332)Improper invalidation
        for page table updates by a virtual guest operating
        system for multiple Intel(R) Processors may allow an
        authenticated user to potentially enable denial of
        service of the host system via local
        access.(CVE-2018-12207)In the Android kernel in the
        video driver there is a use after free due to a race
        condition. This could lead to local escalation of
        privilege with no additional execution privileges
        needed. User interaction is not needed for
        exploitation.(CVE-2019-9458)In the AppleTalk subsystem
        in the Linux kernel before 5.1, there is a potential
        NULL pointer dereference because register_snap_client
        may return NULL. This will lead to denial of service in
        net/appletalk/aarp.c and net/appletalk/ddp.c, as
        demonstrated by unregister_snap_client, aka
        CID-9804501fa122.(CVE-2019-19227)In the Linux kernel
        5.0.21, mounting a crafted btrfs filesystem image,
        performing some operations, and then making a syncfs
        system call can lead to a use-after-free in
        __mutex_lock in kernel/locking/mutex.c. This is related
        to mutex_can_spin_on_owner in kernel/locking/mutex.c,
        __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and
        btrfs_insert_delayed_items in
        fs/btrfs/delayed-inode.c.(CVE-2019-19813)In the Linux
        kernel 5.4.0-rc2, there is a use-after-free (read) in
        the __blk_add_trace function in kernel/trace/blktrace.c
        (which is used to fill out a blk_io_trace structure and
        place it in a per-cpu sub-buffer).(CVE-2019-19768)In
        the Linux kernel before 5.0.6, there is a NULL pointer
        dereference in drop_sysctl_table() in
        fs/proc/proc_sysctl.c, related to put_links, aka
        CID-23da9588037e.(CVE-2019-20054)In the Linux kernel
        before 5.2.9, there is an info-leak bug that can be
        caused by a malicious USB device in the
        driverset/can/usb/peak_usb/pcan_usb_pro.c driver, aka
        CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel
        before 5.3.11, there is an info-leak bug that can be
        caused by a malicious USB device in the
        driverset/can/usb/peak_usb/pcan_usb_core.c driver, aka
        CID-f7a1337f0d29.(CVE-2019-19534)In the Linux kernel
        before 5.3.6, there is a use-after-free bug that can be
        caused by a malicious USB device in the
        driverset/ieee802154/atusb.c driver, aka
        CID-7fd25e6fc035.(CVE-2019-19525)Insufficient access
        control in a subsystem for Intel (R) processor graphics
        in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM)
        Processor Families Intel(R) Pentium(R) Processor J, N,
        Silver and Gold Series Intel(R) Celeron(R) Processor J,
        N, G3900 and G4900 Series Intel(R) Atom(R) Processor A
        and E3900 Series Intel(R) Xeon(R) Processor E3-1500 v5
        and v6, E-2100 and E-2200 Processor Families Intel(R)
        Graphics Driver for Windows before 26.20.100.6813 (DCH)
        or 26.20.100.6812 and before 21.20.x.5077
        (aka15.45.5077), i915 Linux Driver for Intel(R)
        Processor Graphics before versions 5.4-rc7, 5.3.11,
        4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an
        authenticated user to potentially enable escalation of
        privilege via local access.(CVE-2019-0155)Insufficient
        input validation in Kernel Mode Driver in Intel(R) i915
        Graphics for Linux before version 5.0 may allow an
        authenticated user to potentially enable escalation of
        privilege via local
        access.(CVE-2019-11085)kernel/sched/fair.c in the Linux
        kernel before 5.3.9, when cpu.cfs_quota_us is used
        (e.g., with Kubernetes), allows attackers to cause a
        denial of service against non-cpu-bound applications by
        generating a workload that triggers unwanted slice
        expiration, aka CID-de53fd7aedb1. (In other words,
        although this slice expiration would typically be seen
        with benign workloads, it is possible that an attacker
        could calculate how many stray requests are required to
        force an entire Kubernetes cluster into a
        low-performance state caused by slice expiration, and
        ensure that a DDoS attack sent that number of stray
        requests. An attack does not affect the stability of
        the kernel it only causes mismanagement of application
        execution.)(CVE-2019-19922)The evm_verify_hmac function
        in security/integrity/evm/evm_main.c in the Linux
        kernel before 4.5 does not properly copy data, which
        makes it easier for local users to forge MAC values via
        a timing side-channel attack.(CVE-2016-2085)The
        pcpu_embed_first_chunk function in mm/percpu.c in the
        Linux kernel through 4.14.14 allows local users to
        obtain sensitive address information by reading dmesg
        data from a 'pages/cpu' printk call.(CVE-2018-5995)TSX
        Asynchronous Abort condition on some CPUs utilizing
        speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side
        channel with local access.(CVE-2019-11135)An issue was
        discovered in drivers/scsi/aacraid/commctrl.c in the
        Linux kernel before 4.13. There is potential exposure
        of kernel stack memory because aac_send_raw_srb does
        not initialize the reply structure.(CVE-2017-18549)An
        issue was discovered in drivers/scsi/aacraid/commctrl.c
        in the Linux kernel before 4.13. There is potential
        exposure of kernel stack memory because
        aac_get_hba_info does not initialize the hbainfo
        structure.(CVE-2017-18550)In the Linux kernel through
        4.15.4, the floppy driver reveals the addresses of
        kernel functions and global variables using printk
        calls within the function show_floppy in
        drivers/block/floppy.c. An attacker can read this
        information from dmesg and use the addresses to find
        the locations of kernel code and data and bypass kernel
        security protections such as KASLR.(CVE-2018-7273)A
        heap-based buffer overflow was discovered in the Linux
        kernel, all versions 3.x.x and 4.x.x before 4.18.0, in
        Marvell WiFi chip driver. The flaw could occur when the
        station attempts a connection negotiation during the
        handling of the remote devices country settings. This
        could allow the remote device to cause a denial of
        service (system crash) or possibly execute arbitrary
        code.(CVE-2019-14895)The Linux kernel before 5.4.1 on
        powerpc allows Information Exposure because the
        Spectre-RSB mitigation is not in place for all
        applicable CPUs, aka CID-39e72bf96f58. This is related
        to arch/powerpc/kernel/entry_64.S and
        arch/powerpc/kernel/security.c.(CVE-2019-18660)In the
        Linux kernel 5.0.21, mounting a crafted ext4 filesystem
        image, performing some operations, and unmounting can
        lead to a use-after-free in ext4_put_super in
        fs/ext4/super.c, related to dump_orphan_list in
        fs/ext4/super.c.(CVE-2019-19447)In the Linux kernel
        through 5.4.6, there is a NULL pointer dereference in
        drivers/scsi/libsas/sas_discover.c because of
        mishandling of port disconnection during discovery,
        related to a PHY down race condition, aka
        CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel
        before 5.1.6, there is a use-after-free in cpia2_exit()
        in drivers/media/usb/cpia2/cpia2_v4l.c that will cause
        denial of service, aka
        CID-dea37a972655.(CVE-2019-19966)An exploitable
        denial-of-service vulnerability exists in the Linux
        kernel prior to mainline 5.3. An attacker could exploit
        this vulnerability by triggering AP to send IAPP
        location updates for stations before the required
        authentication process has completed. This could lead
        to different denial-of-service scenarios, either by
        causing CAM table attacks, or by leading to traffic
        flapping if faking already existing clients in other
        nearby APs of the same wireless infrastructure. An
        attacker can forge Authentication and Association
        Request packets to trigger this
        vulnerability.(CVE-2019-5108)mwifiex_tm_cmd in
        drivers/net/wireless/marvell/mwifiex/cfg80211.c in the
        Linux kernel before 5.1.6 has some error-handling cases
        that did not free allocated hostcmd memory, aka
        CID-003b686ace82. This will cause a memory leak and
        denial of service.(CVE-2019-20095)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1112
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51adc7d4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-devel-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-headers-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-tools-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-tools-libs-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "perf-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "python-perf-3.10.0-862.14.1.5.h408.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132499
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132499
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0266. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132499);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id(
        "CVE-2011-1079",
        "CVE-2016-10905",
        "CVE-2017-18550",
        "CVE-2017-18595",
        "CVE-2018-7191",
        "CVE-2018-12207",
        "CVE-2018-20836",
        "CVE-2018-20855",
        "CVE-2018-20976",
        "CVE-2019-0154",
        "CVE-2019-0155",
        "CVE-2019-3874",
        "CVE-2019-11135",
        "CVE-2019-11487",
        "CVE-2019-11884",
        "CVE-2019-12382",
        "CVE-2019-15213",
        "CVE-2019-15538",
        "CVE-2019-15807",
        "CVE-2019-15916",
        "CVE-2019-16413",
        "CVE-2019-17075"
      );
      script_bugtraq_id(
        46616,
        107488,
        108054,
        108196,
        108299,
        108380,
        108474
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected
    by multiple vulnerabilities:
    
      - The bnep_sock_ioctl function in
        net/bluetooth/bnep/sock.c in the Linux kernel before
        2.6.39 does not ensure that a certain device field ends
        with a '\0' character, which allows local users to
        obtain potentially sensitive information from kernel
        stack memory, or cause a denial of service (BUG and
        system crash), via a BNEPCONNADD command.
        (CVE-2011-1079)
    
      - An issue was discovered in fs/gfs2/rgrp.c in the Linux
        kernel before 4.8. A use-after-free is caused by the
        functions gfs2_clear_rgrpd and read_rindex_entry.
        (CVE-2016-10905)
    
      - An issue was discovered in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        before 4.13. There is potential exposure of kernel stack
        memory because aac_get_hba_info does not initialize the
        hbainfo structure. (CVE-2017-18550)
    
      - An issue was discovered in the Linux kernel before
        4.14.11. A double free may be caused by the function
        allocate_trace_buffer in the file kernel/trace/trace.c.
        (CVE-2017-18595)
    
      - Improper invalidation for page table updates by a
        virtual guest operating system for multiple Intel(R)
        Processors may allow an authenticated user to
        potentially enable denial of service of the host system
        via local access. (CVE-2018-12207)
    
      - An issue was discovered in the Linux kernel before 4.20.
        There is a race condition in smp_task_timedout() and
        smp_task_done() in drivers/scsi/libsas/sas_expander.c,
        leading to a use-after-free. (CVE-2018-20836)
    
      - An issue was discovered in the Linux kernel before
        4.18.7. In create_qp_common in
        drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp
        was never initialized, resulting in a leak of stack
        memory to userspace. (CVE-2018-20855)
    
      - An issue was discovered in fs/xfs/xfs_super.c in the
        Linux kernel before 4.18. A use after free exists,
        related to xfs_fs_fill_super failure. (CVE-2018-20976)
    
      - In the tun subsystem in the Linux kernel before 4.13.14,
        dev_get_valid_name is not called before
        register_netdevice. This allows local users to cause a
        denial of service (NULL pointer dereference and panic)
        via an ioctl(TUNSETIFF) call with a dev name containing
        a / character. This is similar to CVE-2013-4343.
        (CVE-2018-7191)
    
      - Insufficient access control in subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100
        Processor Families may allow an authenticated user to
        potentially enable denial of service via local access.
        (CVE-2019-0154)
    
      - Insufficient access control in a subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and
        E-2200 Processor Families; Intel(R) Graphics Driver for
        Windows before 26.20.100.6813 (DCH) or 26.20.100.6812
        and before 21.20.x.5077 (aka15.45.5077), i915 Linux
        Driver for Intel(R) Processor Graphics before versions
        5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may
        allow an authenticated user to potentially enable
        escalation of privilege via local access.
        (CVE-2019-0155)
    
      - TSX Asynchronous Abort condition on some CPUs utilizing
        speculative execution may allow an authenticated user to
        potentially enable information disclosure via a side
        channel with local access. (CVE-2019-11135)
    
      - The Linux kernel before 5.1-rc5 allows page->_refcount
        reference count overflow, with resultant use-after-free
        issues, if about 140 GiB of RAM exists. This is related
        to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
        include/linux/mm.h, include/linux/pipe_fs_i.h,
        kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
        occur with FUSE requests. (CVE-2019-11487)
    
      - The do_hidp_sock_ioctl function in
        net/bluetooth/hidp/sock.c in the Linux kernel before
        5.0.15 allows a local user to obtain potentially
        sensitive information from kernel stack memory via a
        HIDPCONNADD command, because a name field may not end
        with a '\0' character. (CVE-2019-11884)
    
      - ** DISPUTED ** An issue was discovered in
        drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c in the Linux kernel
        through 5.1.5. There is an unchecked kstrdup of fwstr,
        which might allow an attacker to cause a denial of
        service (NULL pointer dereference and system crash).
        NOTE: The vendor disputes this issues as not being a
        vulnerability because kstrdup() returning NULL is
        handled sufficiently and there is no chance for a NULL
        pointer dereference. (CVE-2019-12382)
    
      - An issue was discovered in the Linux kernel before
        5.2.3. There is a use-after-free caused by a malicious
        USB device in the drivers/media/usb/dvb-usb/dvb-usb-
        init.c driver. (CVE-2019-15213)
    
      - An issue was discovered in xfs_setattr_nonsize in
        fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS
        partially wedges when a chgrp fails on account of being
        out of disk quota. xfs_setattr_nonsize is failing to
        unlock the ILOCK after the xfs_qm_vop_chown_reserve call
        fails. This is primarily a local DoS attack vector, but
        it might result as well in remote DoS if the XFS
        filesystem is exported for instance via NFS.
        (CVE-2019-15538)
    
      - In the Linux kernel before 5.1.13, there is a memory
        leak in drivers/scsi/libsas/sas_expander.c when SAS
        expander discovery fails. This will cause a BUG and
        denial of service. (CVE-2019-15807)
    
      - An issue was discovered in the Linux kernel before
        5.0.1. There is a memory leak in
        register_queue_kobjects() in net/core/net-sysfs.c, which
        will cause denial of service. (CVE-2019-15916)
    
      - An issue was discovered in the Linux kernel before
        5.0.4. The 9p filesystem did not protect i_size_write()
        properly, which causes an i_size_read() infinite loop
        and denial of service on SMP systems. (CVE-2019-16413)
    
      - An issue was discovered in write_tpt_entry in
        drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel
        through 5.3.2. The cxgb4 driver is directly calling
        dma_map_single (a DMA function) from a stack variable.
        This could allow an attacker to trigger a Denial of
        Service, exploitable if this driver is used on an
        architecture for which this stack/DMA interaction has
        security relevance. (CVE-2019-17075)
    
      - The SCTP socket buffer used by a userspace application
        is not accounted by the cgroups subsystem. An attacker
        can use this flaw to cause a denial of service attack.
        Kernel 3.10.x and 4.18.x branches are believed to be
        vulnerable. (CVE-2019-3874)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0266");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE
    for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20836");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1"
      ],
      "CGSL MAIN 5.04": [
        "kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1",
        "kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132490
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132490
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0264. The text
    # itself is copyright (C) ZTE, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132490);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id(
        "CVE-2011-1079",
        "CVE-2016-10905",
        "CVE-2017-18550",
        "CVE-2017-18595",
        "CVE-2018-7191",
        "CVE-2018-12207",
        "CVE-2018-20836",
        "CVE-2018-20855",
        "CVE-2018-20976",
        "CVE-2019-0154",
        "CVE-2019-0155",
        "CVE-2019-3874",
        "CVE-2019-11135",
        "CVE-2019-11487",
        "CVE-2019-11884",
        "CVE-2019-12382",
        "CVE-2019-15213",
        "CVE-2019-15538",
        "CVE-2019-15807",
        "CVE-2019-15916",
        "CVE-2019-16413",
        "CVE-2019-17075"
      );
      script_bugtraq_id(
        46616,
        107488,
        108054,
        108196,
        108299,
        108380,
        108474
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by
    multiple vulnerabilities:
    
      - The bnep_sock_ioctl function in
        net/bluetooth/bnep/sock.c in the Linux kernel before
        2.6.39 does not ensure that a certain device field ends
        with a '\0' character, which allows local users to
        obtain potentially sensitive information from kernel
        stack memory, or cause a denial of service (BUG and
        system crash), via a BNEPCONNADD command.
        (CVE-2011-1079)
    
      - An issue was discovered in fs/gfs2/rgrp.c in the Linux
        kernel before 4.8. A use-after-free is caused by the
        functions gfs2_clear_rgrpd and read_rindex_entry.
        (CVE-2016-10905)
    
      - An issue was discovered in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        before 4.13. There is potential exposure of kernel stack
        memory because aac_get_hba_info does not initialize the
        hbainfo structure. (CVE-2017-18550)
    
      - An issue was discovered in the Linux kernel before
        4.14.11. A double free may be caused by the function
        allocate_trace_buffer in the file kernel/trace/trace.c.
        (CVE-2017-18595)
    
      - Improper invalidation for page table updates by a
        virtual guest operating system for multiple Intel(R)
        Processors may allow an authenticated user to
        potentially enable denial of service of the host system
        via local access. (CVE-2018-12207)
    
      - An issue was discovered in the Linux kernel before 4.20.
        There is a race condition in smp_task_timedout() and
        smp_task_done() in drivers/scsi/libsas/sas_expander.c,
        leading to a use-after-free. (CVE-2018-20836)
    
      - An issue was discovered in the Linux kernel before
        4.18.7. In create_qp_common in
        drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp
        was never initialized, resulting in a leak of stack
        memory to userspace. (CVE-2018-20855)
    
      - An issue was discovered in fs/xfs/xfs_super.c in the
        Linux kernel before 4.18. A use after free exists,
        related to xfs_fs_fill_super failure. (CVE-2018-20976)
    
      - In the tun subsystem in the Linux kernel before 4.13.14,
        dev_get_valid_name is not called before
        register_netdevice. This allows local users to cause a
        denial of service (NULL pointer dereference and panic)
        via an ioctl(TUNSETIFF) call with a dev name containing
        a / character. This is similar to CVE-2013-4343.
        (CVE-2018-7191)
    
      - Insufficient access control in subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100
        Processor Families may allow an authenticated user to
        potentially enable denial of service via local access.
        (CVE-2019-0154)
    
      - Insufficient access control in a subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation
        Intel(R) Core(TM) Processor Families; Intel(R)
        Pentium(R) Processor J, N, Silver and Gold Series;
        Intel(R) Celeron(R) Processor J, N, G3900 and G4900
        Series; Intel(R) Atom(R) Processor A and E3900 Series;
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and
        E-2200 Processor Families; Intel(R) Graphics Driver for
        Windows before 26.20.100.6813 (DCH) or 26.20.100.6812
        and before 21.20.x.5077 (aka15.45.5077), i915 Linux
        Driver for Intel(R) Processor Graphics before versions
        5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may
        allow an authenticated user to potentially enable
        escalation of privilege via local access.
        (CVE-2019-0155)
    
      - TSX Asynchronous Abort condition on some CPUs utilizing
        speculative execution may allow an authenticated user to
        potentially enable information disclosure via a side
        channel with local access. (CVE-2019-11135)
    
      - The Linux kernel before 5.1-rc5 allows page->_refcount
        reference count overflow, with resultant use-after-free
        issues, if about 140 GiB of RAM exists. This is related
        to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
        include/linux/mm.h, include/linux/pipe_fs_i.h,
        kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
        occur with FUSE requests. (CVE-2019-11487)
    
      - The do_hidp_sock_ioctl function in
        net/bluetooth/hidp/sock.c in the Linux kernel before
        5.0.15 allows a local user to obtain potentially
        sensitive information from kernel stack memory via a
        HIDPCONNADD command, because a name field may not end
        with a '\0' character. (CVE-2019-11884)
    
      - ** DISPUTED ** An issue was discovered in
        drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c in the Linux kernel
        through 5.1.5. There is an unchecked kstrdup of fwstr,
        which might allow an attacker to cause a denial of
        service (NULL pointer dereference and system crash).
        NOTE: The vendor disputes this issues as not being a
        vulnerability because kstrdup() returning NULL is
        handled sufficiently and there is no chance for a NULL
        pointer dereference. (CVE-2019-12382)
    
      - An issue was discovered in the Linux kernel before
        5.2.3. There is a use-after-free caused by a malicious
        USB device in the drivers/media/usb/dvb-usb/dvb-usb-
        init.c driver. (CVE-2019-15213)
    
      - An issue was discovered in xfs_setattr_nonsize in
        fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS
        partially wedges when a chgrp fails on account of being
        out of disk quota. xfs_setattr_nonsize is failing to
        unlock the ILOCK after the xfs_qm_vop_chown_reserve call
        fails. This is primarily a local DoS attack vector, but
        it might result as well in remote DoS if the XFS
        filesystem is exported for instance via NFS.
        (CVE-2019-15538)
    
      - In the Linux kernel before 5.1.13, there is a memory
        leak in drivers/scsi/libsas/sas_expander.c when SAS
        expander discovery fails. This will cause a BUG and
        denial of service. (CVE-2019-15807)
    
      - An issue was discovered in the Linux kernel before
        5.0.1. There is a memory leak in
        register_queue_kobjects() in net/core/net-sysfs.c, which
        will cause denial of service. (CVE-2019-15916)
    
      - An issue was discovered in the Linux kernel before
        5.0.4. The 9p filesystem did not protect i_size_write()
        properly, which causes an i_size_read() infinite loop
        and denial of service on SMP systems. (CVE-2019-16413)
    
      - An issue was discovered in write_tpt_entry in
        drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel
        through 5.3.2. The cxgb4 driver is directly calling
        dma_map_single (a DMA function) from a stack variable.
        This could allow an attacker to trigger a Denial of
        Service, exploitable if this driver is used on an
        architecture for which this stack/DMA interaction has
        security relevance. (CVE-2019-17075)
    
      - The SCTP socket buffer used by a userspace application
        is not accounted by the cgroups subsystem. An attacker
        can use this flaw to cause a denial of service attack.
        Kernel 3.10.x and 4.18.x branches are believed to be
        vulnerable. (CVE-2019-3874)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0264");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20836");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "kernel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite",
        "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite"
      ],
      "CGSL MAIN 5.04": [
        "kernel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff",
        "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1452.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447) - This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-10220) - ** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180) - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e(CVE-2019-20054) - pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.(CVE-2019-19965)
    last seen2020-04-30
    modified2020-04-16
    plugin id135614
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135614
    titleEulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135614);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      script_cve_id(
        "CVE-2014-3180",
        "CVE-2017-18549",
        "CVE-2017-18550",
        "CVE-2017-18551",
        "CVE-2017-18595",
        "CVE-2018-1000026",
        "CVE-2018-5803",
        "CVE-2019-10220",
        "CVE-2019-11833",
        "CVE-2019-12382",
        "CVE-2019-12456",
        "CVE-2019-12819",
        "CVE-2019-15090",
        "CVE-2019-15212",
        "CVE-2019-15216",
        "CVE-2019-15916",
        "CVE-2019-15924",
        "CVE-2019-16233",
        "CVE-2019-18806",
        "CVE-2019-19447",
        "CVE-2019-19537",
        "CVE-2019-19965",
        "CVE-2019-20054",
        "CVE-2019-3874"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - In the Linux kernel 5.0.21, mounting a crafted ext4
        filesystem image, performing some operations, and
        unmounting can lead to a use-after-free in
        ext4_put_super in fs/ext4/super.c, related to
        dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447)
    
      - This candidate has been reserved by an organization or
        individual that will use it when announcing a new
        security problem. When the candidate has been
        publicized, the details for this candidate will be
        provided.(CVE-2019-10220)
    
      - ** DISPUTED ** In kernel/compat.c in the Linux kernel
        before 3.17, as used in Google Chrome OS and other
        products, there is a possible out-of-bounds read.
        restart_syscall uses uninitialized data when restarting
        compat_sys_nanosleep. NOTE: this is disputed because
        the code path is unreachable.(CVE-2014-3180)
    
      - In the Linux kernel before 5.0.6, there is a NULL
        pointer dereference in drop_sysctl_table() in
        fs/proc/proc_sysctl.c, related to put_links, aka
        CID-23da9588037e(CVE-2019-20054)
    
      - pointer dereference in
        drivers/scsi/libsas/sas_discover.c because of
        mishandling of port disconnection during discovery,
        related to a PHY down race condition, aka
        CID-f70267f379b5.(CVE-2019-19965)'
    
      - In the Linux kernel before 5.2.10, there is a race
        condition bug that can be caused by a malicious USB
        device in the USB character device driver layer, aka
        CID-303911cfc5b9. This affects
        drivers/usb/core/file.c.(CVE-2019-19537)
    
      - Linux Linux kernel version at least v4.8 onwards,
        probably well before contains a Insufficient input
        validation vulnerability in bnx2x network card driver
        that can result in DoS: Network card firmware assertion
        takes card off-line. This attack appear to be
        exploitable via An attacker on a must pass a very
        large, specially crafted packet to the bnx2x card. This
        can be done from an untrusted guest
        VM..(CVE-2018-1000026)
    
      - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel
        5.2.14 does not check the alloc_workqueue return value,
        leading to a NULL pointer dereference.(CVE-2019-16233)
    
      - The SCTP socket buffer used by a userspace application
        is not accounted by the cgroups subsystem. An attacker
        can use this flaw to cause a denial of service attack.
        Kernel 3.10.x and 4.18.x branches are believed to be
        vulnerable.(CVE-2019-3874)
    
      - fs/ext4/extents.c in the Linux kernel through 5.1.2
        does not zero out the unused memory region in the
        extent tree block, which might allow local users to
        obtain sensitive information by reading uninitialized
        data in the filesystem.(CVE-2019-11833)
    
      - A memory leak in the ql_alloc_large_buffers() function
        in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux
        kernel before 5.3.5 allows local users to cause a
        denial of service (memory consumption) by triggering
        pci_dma_mapping_error() failures, aka
        CID-1acb8f2a7a9f.(CVE-2019-18806)
    
      - An issue was discovered in the Linux kernel before
        5.0.11. fm10k_init_module in
        drivers/net/ethernet/intel/fm10k/fm10k_main.c has a
        NULL pointer dereference because there is no -ENOMEM
        upon an alloc_workqueue failure.(CVE-2019-15924)
    
      - An issue was discovered in the Linux kernel before
        5.0.1. There is a memory leak in
        register_queue_kobjects() in net/core/net-sysfs.c,
        which will cause denial of service.(CVE-2019-15916)
    
      - An issue was discovered in the Linux kernel before
        5.0.14. There is a NULL pointer dereference caused by a
        malicious USB device in the drivers/usb/misc/yurex.c
        driver.(CVE-2019-15216)
    
      - An issue was discovered in the Linux kernel before
        5.1.8. There is a double-free caused by a malicious USB
        device in the drivers/usb/misc/rio500.c
        driver.(CVE-2019-15212)
    
      - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c
        in the Linux kernel before 5.1.12. In the qedi_dbg_*
        family of functions, there is an out-of-bounds
        read.(CVE-2019-15090)
    
      - An issue was discovered in the Linux kernel before 5.0.
        The function __mdiobus_register() in
        drivers/net/phy/mdio_bus.c calls put_device(), which
        will trigger a fixed_mdio_bus_init use-after-free. This
        will cause a denial of service.(CVE-2019-12819)
    
      - ** DISPUTED ** An issue was discovered in the
        MPT3COMMAND case in _ctl_ioctl_main in
        drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel
        through 5.1.5. It allows local users to cause a denial
        of service or possibly have unspecified other impact by
        changing the value of ioc_number between two kernel
        reads of that value, aka a 'double fetch'
        vulnerability. NOTE: a third party reports that this is
        unexploitable because the doubly fetched value is not
        used.(CVE-2019-12456)
    
      - An issue was discovered in drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c in the Linux kernel
        through 5.1.5. There is an unchecked kstrdup of fwstr,
        which might allow an attacker to cause a denial of
        service (NULL pointer dereference and system crash).
        NOTE: The vendor disputes this issues as not being a
        vulnerability because kstrdup() returning NULL is
        handled sufficiently and there is no chance for a NULL
        pointer dereference.(CVE-2019-12382)
    
      - In the Linux Kernel before version 4.15.8, 4.14.25,
        4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the
        '_sctp_make_chunk()' function
        (net/sctp/sm_make_chunk.c) when handling SCTP packets
        length can be exploited to cause a kernel
        crash.(CVE-2018-5803)
    
      - An issue was discovered in the Linux kernel before
        4.14.11. A double free may be caused by the function
        allocate_trace_buffer in the file
        kernel/trace/trace.c.(CVE-2017-18595)
    
      - An issue was discovered in drivers/i2c/i2c-core-smbus.c
        in the Linux kernel before 4.14.15. There is an out of
        bounds write in the function
        i2c_smbus_xfer_emulated.(CVE-2017-18551)
    
      - An issue was discovered in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        before 4.13. There is potential exposure of kernel
        stack memory because aac_get_hba_info does not
        initialize the hbainfo structure.(CVE-2017-18550)
    
      - An issue was discovered in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        before 4.13. There is potential exposure of kernel
        stack memory because aac_send_raw_srb does not
        initialize the reply structure.(CVE-2017-18549)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1452
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f070bac5");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_72",
            "kernel-devel-3.10.0-862.14.1.6_72",
            "kernel-headers-3.10.0-862.14.1.6_72",
            "kernel-tools-3.10.0-862.14.1.6_72",
            "kernel-tools-libs-3.10.0-862.14.1.6_72",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_72",
            "perf-3.10.0-862.14.1.6_72",
            "python-perf-3.10.0-862.14.1.6_72"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }