Vulnerabilities > CVE-2017-9985 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
CWE-125
nessus
NVD
Published: 2017-06-28
Updated: 2023-02-24

Summary

The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

Vulnerable Configurations

Part Description Count
OS
Linux
2537
OS
Canonical
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3469-1.NASL
    descriptionAnthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task
    last seen2020-06-01
    modified2020-06-02
    plugin id104320
    published2017-11-01
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104320
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3469-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104320);
  script_version("3.8");
  script_cvs_date("Date: 2019/09/18 12:31:47");

  script_cve_id("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
  script_xref(name:"USN", value:"3469-1");

  script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3469-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Anthony Perard discovered that the Xen virtual block driver did not
properly initialize some data structures before passing them to user
space. A local attacker in a guest VM could use this to expose
sensitive information from the host OS or other guest VMs.
(CVE-2017-10911)

Bo Zhang discovered that the netlink wireless configuration interface
in the Linux kernel did not properly validate attributes when handling
certain requests. A local attacker with the CAP_NET_ADMIN could use
this to cause a denial of service (system crash). (CVE-2017-12153)

It was discovered that the nested KVM implementation in the Linux
kernel in some situations did not properly prevent second level guests
from reading and writing the hardware CR8 register. A local attacker
in a guest could use this to cause a denial of service (system crash).

It was discovered that the key management subsystem in the Linux
kernel did not properly restrict key reads on negatively instantiated
keys. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12192)

It was discovered that an integer overflow existed in the sysfs
interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.
A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2017-14051)

It was discovered that the ATI Radeon framebuffer driver in the Linux
kernel did not properly initialize a data structure returned to user
space. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2017-14156)

Dave Chinner discovered that the XFS filesystem did not enforce that
the realtime inode flag was settable only on filesystems on a realtime
device. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-14340)

ChunYu Wang discovered that the iSCSI transport implementation in the
Linux kernel did not properly validate data structures. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-14489)

It was discovered that the generic SCSI driver in the Linux kernel did
not properly initialize data returned to user space in some
situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-14991)

Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem
in the Linux kernel did not properly handle attempts to set reserved
bits in a task's extended state (xstate) area. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-15537)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device
driver in the Linux kernel contained race conditions when fetching
from the ring-buffer. A local attacker could use this to cause a
denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3469-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3469-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1009-kvm", pkgver:"4.4.0-1009.14")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1033-gke", pkgver:"4.4.0-1033.33")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1039-aws", pkgver:"4.4.0-1039.48")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1076-raspi2", pkgver:"4.4.0-1076.84")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1078-snapdragon", pkgver:"4.4.0-1078.83")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-generic", pkgver:"4.4.0-98.121")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-generic-lpae", pkgver:"4.4.0-98.121")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-98-lowlatency", pkgver:"4.4.0-98.121")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1039.41")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.98.103")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.98.103")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.4.0.1033.34")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1009.9")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.98.103")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1076.76")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1078.70")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3754-1.NASL
    descriptionRalf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11473) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112113
    published2018-08-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112113
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3754-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(112113);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  script_xref(name:"USN", value:"3754-1");

  script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ralf Spenneberg discovered that the ext4 implementation in the Linux
kernel did not properly validate meta block groups. An attacker with
physical access could use this to specially craft an ext4 image that
causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that an information disclosure vulnerability existed
in the ACPI implementation of the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a buffer overflow existed in the ACPI table
parsing implementation in the Linux kernel. A local attacker could use
this to construct a malicious ACPI table that, when loaded, caused a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-11473)

It was discovered that the generic SCSI driver in the Linux kernel did
not properly initialize data returned to user space in some
situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-14991)

It was discovered that a race condition existed in the packet fanout
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-15649)

Andrey Konovalov discovered that the Ultra Wide Band driver in the
Linux kernel did not properly check for an error condition. A
physically proximate attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2017-16526)

Andrey Konovalov discovered that the ALSA subsystem in the Linux
kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-16527)

Andrey Konovalov discovered that the ALSA subsystem in the Linux
kernel did not properly validate USB audio buffer descriptors. A
physically proximate attacker could use this cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-16529)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB interface association descriptors. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2017-16531)

Andrey Konovalov discovered that the usbtest device driver in the
Linux kernel did not properly validate endpoint metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-16532)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB HID descriptors. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2017-16533)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB BOS metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered that the Conexant cx231xx USB video
capture driver in the Linux kernel did not properly validate interface
descriptors. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-16537)

It was discovered that the DM04/QQBOX USB driver in the Linux kernel
did not properly handle device attachment and warm-start. A physically
proximate attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-16538)

Andrey Konovalov discovered an out-of-bounds read in the GTCO
digitizer USB driver for the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-16643)

Andrey Konovalov discovered that the video4linux driver for Hauppauge
HD PVR USB devices in the Linux kernel did not properly handle some
error conditions. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16644)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB
driver in the Linux kernel did not properly validate device
descriptors. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the QMI WWAN USB driver did not
properly validate device descriptors. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface
(VHCI) driver in the Linux kernel contained an information disclosure
vulnerability. A physically proximate attacker could use this to
expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux
kernel did not validate endpoint numbers. A remote attacker could use
this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux
kernel did not properly validate CMD_SUBMIT packets. A remote attacker
could use this to cause a denial of service (excessive memory
consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux
kernel contained a NULL pointer dereference error. A remote attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the core USB subsystem in the Linux kernel did
not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2017-17558)

It was discovered that an integer overflow existed in the perf
subsystem of the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2017-18255)

It was discovered that the keyring subsystem in the Linux kernel did
not properly prevent a user from creating keyrings for other users. A
local attacker could use this cause a denial of service or expose
sensitive information. (CVE-2017-18270)

Andy Lutomirski and Willy Tarreau discovered that the KVM
implementation in the Linux kernel did not properly emulate
instructions on the SS segment register. A local attacker in a guest
virtual machine could use this to cause a denial of service (guest OS
crash) or possibly gain administrative privileges in the guest OS.
(CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux
kernel improperly emulated certain instructions. A local attacker
could use this to obtain sensitive information (kernel memory).
(CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver
in the Linux kernel did not properly initialize memory related to
logging. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-5549)

Andrey Konovalov discovered an out-of-bounds access in the IPv6
Generic Routing Encapsulation (GRE) tunneling implementation in the
Linux kernel. An attacker could use this to possibly expose sensitive
information. (CVE-2017-5897)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel
did not properly set up a destructor in certain situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA)
subsystem in the Linux kernel. A local attacker could use this to
cause a denial of service (deadlock). (CVE-2017-6348)

Andy Lutomirski discovered that the KVM implementation in the Linux
kernel was vulnerable to a debug exception error when single-stepping
through a syscall. A local attacker in a non-Linux guest vm could
possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3
server implementations in the Linux kernel did not properly handle
certain long RPC replies. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2017-7645)

Pengfei Wang discovered that a race condition existed in the NXP
SAA7164 TV Decoder driver for the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-8831)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device
driver in the Linux kernel contained race conditions when fetching
from the ring-buffer. A local attacker could use this to cause a
denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)

It was discovered that the wait4() system call in the Linux kernel did
not properly validate its arguments in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2018-10087)

It was discovered that the kill() system call implementation in the
Linux kernel did not properly validate its arguments in some
situations. A local attacker could possibly use this to cause a denial
of service. (CVE-2018-10124)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker
could use this to construct a malicious xfs image that, when mounted,
could cause a denial of service (system crash). (CVE-2018-10323)

Zhong Jiang discovered that a use-after-free vulnerability existed in
the NUMA memory policy implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-10675)

Wen Xu discovered that a buffer overflow existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10877)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly keep meta-data information consistent in some
situations. An attacker could use this to construct a malicious ext4
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-10881)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 file system that
caused a denial of service (system crash) when mounted.
(CVE-2018-1092)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 filesystem that
caused a denial of service (system crash) when mounted.
(CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained
an incorrect bounds check. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-10940)

Shankara Pailoor discovered that the JFS filesystem implementation in
the Linux kernel contained a buffer overflow when handling extended
attributes. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly handle an error condition with a corrupted xfs
image. An attacker could use this to construct a malicious xfs image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid
file creation when performed by a non-member of the group. A local
attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in
the Linux kernel contained an integer overflow. A local attacker could
use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-13406)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash).
(CVE-2017-2671)

It was discovered that an information leak existed in the generic SCSI
driver in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that a memory leak existed in the Serial Attached
SCSI (SAS) implementation in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2018-10021).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3754-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3754-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic-lpae", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-lowlatency", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic", pkgver:"3.13.0.157.167")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae", pkgver:"3.13.0.157.167")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency", pkgver:"3.13.0.157.167")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc");
}
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1523.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a
    last seen2020-03-19
    modified2019-05-14
    plugin id124976
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124976
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124976);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");

  script_cve_id(
    "CVE-2013-2899",
    "CVE-2014-3601",
    "CVE-2014-6410",
    "CVE-2015-0572",
    "CVE-2015-8709",
    "CVE-2015-8953",
    "CVE-2016-10150",
    "CVE-2016-3841",
    "CVE-2016-4805",
    "CVE-2016-9120",
    "CVE-2017-10663",
    "CVE-2017-11473",
    "CVE-2017-12168",
    "CVE-2017-12193",
    "CVE-2017-14489",
    "CVE-2017-16644",
    "CVE-2017-16648",
    "CVE-2017-7533",
    "CVE-2017-9985",
    "CVE-2018-10879"
  );
  script_bugtraq_id(
    62046,
    69489,
    69799
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - The snd_msndmidi_input_read function in
    sound/isa/msnd/msnd_midi.c in the Linux kernel through
    4.11.7 allows local users to cause a denial of service
    (over-boundary access) or possibly have unspecified
    other impact by changing the value of a message queue
    head pointer between two kernel reads of that value,
    aka a 'double fetch' vulnerability.(CVE-2017-9985i1/4%0

  - An assertion failure issue was found in the Linux
    kernel's KVM hypervisor module built to support
    visualization on ARM64 architecture platforms. The
    failure could occur while accessing Performance
    Monitors Cycle Count Register (PMCCNTR) from a guest. A
    privileged guest user could use this flaw to crash the
    host kernel resulting in denial of
    service.(CVE-2017-12168i1/4%0

  - The iscsi_if_rx() function in
    'drivers/scsi/scsi_transport_iscsi.c' in the Linux
    kernel from v2.6.24-rc1 through 4.13.2 allows local
    users to cause a denial of service (a system panic) by
    making a number of certain syscalls by leveraging
    incorrect length validation in the kernel
    code.(CVE-2017-14489i1/4%0

  - The hdpvr_probe function in
    drivers/media/usb/hdpvr/hdpvr-core.c in the Linux
    kernel through 4.13.11 allows local users to cause a
    denial of service (improper error handling and system
    crash) or possibly have unspecified other impact via a
    crafted USB device.(CVE-2017-16644i1/4%0

  - The dvb frontend management subsystem in the Linux
    kernel contains a use-after-free which can allow a
    malicious user to write to memory that may be assigned
    to another kernel structure. This could create memory
    corruption, panic, or possibly other side
    affects.(CVE-2017-16648i1/4%0

  - It was found that the Linux kernel's IPv6
    implementation mishandled socket options. A local
    attacker could abuse concurrent access to the socket
    options to escalate their privileges, or cause a denial
    of service (use-after-free and system crash) via a
    crafted sendmsg system call.(CVE-2016-3841i1/4%0

  - A flaw was found in the Linux kernel's ext4 filesystem.
    A local user can cause a use-after-free in
    ext4_xattr_set_entry function and a denial of service
    or unspecified other impact may occur by renaming a
    file in a crafted ext4 filesystem
    image.(CVE-2018-10879i1/4%0

  - A race condition was found in the Linux kernel, present
    since v3.14-rc1 through v4.12. The race happens between
    threads of inotify_handle_event() and vfs_rename()
    while running the rename operation against the same
    file. As a result of the race the next slab data or the
    slab's free list pointer can be corrupted with
    attacker-controlled data, which may lead to the
    privilege escalation.(CVE-2017-7533i1/4%0

  - A privilege-escalation vulnerability was discovered in
    the Linux kernel built with User Namespace
    (CONFIG_USER_NS) support. The flaw occurred when the
    ptrace() system call was used on a root-owned process
    to enter a user namespace. A privileged namespace user
    could exploit this flaw to potentially escalate their
    privileges on the system, outside the original
    namespace.(CVE-2015-8709i1/4%0

  - Use-after-free vulnerability in
    drivers/net/ppp/ppp_generic.c in the Linux kernel
    before 4.5.2 allows local users to cause a denial of
    service (memory corruption and system crash, or
    spinlock) or possibly have unspecified other impact by
    removing a network namespace, related to the
    ppp_register_net_channel and ppp_unregister_channel
    functions.(CVE-2016-4805i1/4%0

  - A flaw was found in the way the Linux kernel's
    kvm_iommu_map_pages() function handled IOMMU mapping
    failures. A privileged user in a guest with an assigned
    host device could use this flaw to crash the
    host.(CVE-2014-3601i1/4%0

  - A flaw was found in the Linux kernel's implementation
    of associative arrays introduced in 3.13. This
    functionality was backported to the 3.10 kernels in Red
    Hat Enterprise Linux 7. The flaw involved a null
    pointer dereference in assoc_array_apply_edit() due to
    incorrect node-splitting in assoc_array implementation.
    This affects the keyring key type and thus key addition
    and link creation operations may cause the kernel to
    panic.(CVE-2017-12193i1/4%0

  - Multiple race conditions in drivers/char/adsprpc.c and
    drivers/char/adsprpc_compat.c in the ADSPRPC driver for
    the Linux kernel 3.x, as used in Qualcomm Innovation
    Center (QuIC) Android contributions for MSM devices and
    other products, allow attackers to cause a denial of
    service (zero-value write) or possibly have unspecified
    other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl
    call.(CVE-2015-0572i1/4%0

  - The sanity_check_ckpt function in fs/f2fs/super.c in
    the Linux kernel before version 4.12.4 does not
    validate the blkoff and segno arrays. This allows an
    unprivileged, local user to cause a system panic and
    DoS. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out, although we
    believe it is unlikely.(CVE-2017-10663i1/4%0

  - A stack overflow flaw caused by infinite recursion was
    found in the way the Linux kernel's Universal Disk
    Format (UDF) file system implementation processed
    indirect Information Control Blocks (ICBs). An attacker
    with physical access to the system could use a
    specially crafted UDF image to crash the
    system.(CVE-2014-6410i1/4%0

  - Race condition in the ion_ioctl function in
    drivers/staging/android/ion/ion.c in the Linux kernel
    before 4.6 allows local users to gain privileges or
    cause a denial of service (use-after-free) by calling
    ION_IOC_FREE on two CPUs at the same
    time.(CVE-2016-9120i1/4%0

  - drivers/hid/hid-picolcd_core.c in the Human Interface
    Device (HID) subsystem in the Linux kernel through
    3.11, when CONFIG_HID_PICOLCD is enabled, allows
    physically proximate attackers to cause a denial of
    service (NULL pointer dereference and OOPS) via a
    crafted device.(CVE-2013-2899i1/4%0

  - A flaw was found in the Linux kernel's implementation
    of overlayfs. An attacker can leak file resources in
    the system by opening a large file with write
    permissions on a overlay filesystem that is
    insufficient to deal with the size of the write.When
    unmounting the underlying device, the system is unable
    to free an inode and this will consume resources.
    Repeating this for all available inodes and memory will
    create a denial of service situation.(CVE-2015-8953i1/4%0

  - Buffer overflow in the mp_override_legacy_irq()
    function in arch/x86/kernel/acpi/boot.c in the Linux
    kernel through 4.12.2 allows local users to gain
    privileges via a crafted ACPI table.(CVE-2017-11473i1/4%0

  - Use-after-free vulnerability in the
    kvm_ioctl_create_device function in virt/kvm/kvm_main.c
    in the Linux kernel before 4.8.13 allows host OS users
    to cause a denial of service (host OS crash) or
    possibly gain privileges via crafted ioctl calls on the
    /dev/kvm device.(CVE-2016-10150i1/4%0

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1523
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ab359ca");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["kernel-4.19.28-1.2.117",
        "kernel-devel-4.19.28-1.2.117",
        "kernel-headers-4.19.28-1.2.117",
        "kernel-tools-4.19.28-1.2.117",
        "kernel-tools-libs-4.19.28-1.2.117",
        "kernel-tools-libs-devel-4.19.28-1.2.117",
        "perf-4.19.28-1.2.117",
        "python-perf-4.19.28-1.2.117"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3469-2.NASL
    descriptionUSN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. A local attacker with the CAP_NET_ADMIN could use this to cause a denial of service (system crash). (CVE-2017-12153) It was discovered that the nested KVM implementation in the Linux kernel in some situations did not properly prevent second level guests from reading and writing the hardware CR8 register. A local attacker in a guest could use this to cause a denial of service (system crash). It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-14051) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14156) Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14489) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the Linux kernel did not properly handle attempts to set reserved bits in a task
    last seen2020-06-01
    modified2020-06-02
    plugin id104321
    published2017-11-01
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104321
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3469-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104321);
  script_version("3.8");
  script_cvs_date("Date: 2019/09/18 12:31:47");

  script_cve_id("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
  script_xref(name:"USN", value:"3469-2");

  script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3469-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Anthony Perard discovered that the Xen virtual block driver did not
properly initialize some data structures before passing them to user
space. A local attacker in a guest VM could use this to expose
sensitive information from the host OS or other guest VMs.
(CVE-2017-10911)

Bo Zhang discovered that the netlink wireless configuration interface
in the Linux kernel did not properly validate attributes when handling
certain requests. A local attacker with the CAP_NET_ADMIN could use
this to cause a denial of service (system crash). (CVE-2017-12153)

It was discovered that the nested KVM implementation in the Linux
kernel in some situations did not properly prevent second level guests
from reading and writing the hardware CR8 register. A local attacker
in a guest could use this to cause a denial of service (system crash).

It was discovered that the key management subsystem in the Linux
kernel did not properly restrict key reads on negatively instantiated
keys. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12192)

It was discovered that an integer overflow existed in the sysfs
interface for the QLogic 24xx+ series SCSI driver in the Linux kernel.
A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2017-14051)

It was discovered that the ATI Radeon framebuffer driver in the Linux
kernel did not properly initialize a data structure returned to user
space. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2017-14156)

Dave Chinner discovered that the XFS filesystem did not enforce that
the realtime inode flag was settable only on filesystems on a realtime
device. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-14340)

ChunYu Wang discovered that the iSCSI transport implementation in the
Linux kernel did not properly validate data structures. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-14489)

It was discovered that the generic SCSI driver in the Linux kernel did
not properly initialize data returned to user space in some
situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-14991)

Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem
in the Linux kernel did not properly handle attempts to set reserved
bits in a task's extended state (xstate) area. A local attacker could
use this to cause a denial of service (system crash). (CVE-2017-15537)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device
driver in the Linux kernel contained race conditions when fetching
from the ring-buffer. A local attacker could use this to cause a
denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3469-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-10911", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-12192", "CVE-2017-14051", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14991", "CVE-2017-15537", "CVE-2017-9984", "CVE-2017-9985");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3469-2");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-generic", pkgver:"4.4.0-98.121~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-generic-lpae", pkgver:"4.4.0-98.121~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-98-lowlatency", pkgver:"4.4.0-98.121~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae-lts-xenial", pkgver:"4.4.0.98.82")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lts-xenial", pkgver:"4.4.0.98.82")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency-lts-xenial", pkgver:"4.4.0.98.82")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc");
}

References