Vulnerabilities > CVE-2018-10675 - Use After Free vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
redhat
canonical
CWE-416
nessus

Summary

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

Vulnerable Configurations

Part Description Count
OS
Linux
2596
OS
Redhat
20
OS
Canonical
1
Application
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180814_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor
    last seen2020-03-18
    modified2018-08-16
    plugin id111778
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111778
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111778);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2017-13215", "CVE-2018-10675", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-7566");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20180814) (Foreshadow)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - Modern operating systems implement virtualization of
        physical memory to efficiently use available system
        resources and provide inter-domain protection through
        access control and isolation. The L1TF issue was found
        in the way the x86 microprocessor designs have
        implemented speculative execution of instructions (a
        commonly used performance optimisation) in combination
        with handling of page-faults caused by terminated
        virtual to physical address resolving process. As a
        result, an unprivileged attacker could use this flaw to
        read privileged memory of the kernel or other processes
        and/or cross guest/host boundaries to read host memory
        by conducting targeted cache side-channel attacks.
        (CVE-2018-3620, CVE-2018-3646)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions past bounds check. The flaw
        relies on the presence of a precisely-defined
        instruction sequence in the privileged code and the fact
        that memory writes occur to an address which depends on
        the untrusted value. Such writes cause an update into
        the microprocessor's data cache even for speculatively
        executed instructions that never actually commit
        (retire). As a result, an unprivileged attacker could
        use this flaw to influence speculative execution and/or
        read privileged memory by conducting targeted cache
        side- channel attacks. (CVE-2018-3693)
    
      - A flaw named SegmentSmack was found in the way the Linux
        kernel handled specially crafted TCP packets. A remote
        attacker could use this flaw to trigger time and
        calculation expensive calls to tcp_collapse_ofo_queue()
        and tcp_prune_ofo_queue() functions by sending specially
        modified packets within ongoing TCP sessions which could
        lead to a CPU saturation and hence a denial of service
        on the system. Maintaining the denial of service
        condition requires continuous two-way TCP sessions to a
        reachable open port, thus the attacks cannot be
        performed using spoofed IP addresses. (CVE-2018-5390)
    
      - kernel: crypto: privilege escalation in skcipher_recvmsg
        function (CVE-2017-13215)
    
      - kernel: mm: use-after-free in do_get_mempolicy function
        allows local DoS or other unspecified impact
        (CVE-2018-10675)
    
      - kernel: race condition in snd_seq_write() may lead to
        UAF or OOB access (CVE-2018-7566)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1808&L=scientific-linux-errata&F=&S=&P=847
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e6645d58"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/16");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-862.11.6.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-862.11.6.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2164.NASL
    descriptionFrom Red Hat Security Advisory 2018:2164 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id110996
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110996
    titleOracle Linux 6 : kernel (ELSA-2018-2164) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:2164 and 
    # Oracle Linux Security Advisory ELSA-2018-2164 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110996);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2018-10675", "CVE-2018-10872", "CVE-2018-3639", "CVE-2018-3665");
      script_xref(name:"RHSA", value:"2018:2164");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2018-2164) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:2164 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * An industry-wide issue was found in the way many modern
    microprocessor designs have implemented speculative execution of Load
    & Store instructions (a commonly used performance optimization). It
    relies on the presence of a precisely-defined instruction sequence in
    the privileged code as well as the fact that memory read from address
    to which a recent memory write has occurred may see an older value and
    subsequently cause an update into the microprocessor's data cache even
    for speculatively executed instructions that never actually commit
    (retire). As a result, an unprivileged attacker could use this flaw to
    read privileged memory by conducting targeted cache side-channel
    attacks. (CVE-2018-3639, x86 AMD)
    
    * kernel: Use-after-free vulnerability in
    mm/mempolicy.c:do_get_mempolicy function allows local denial of
    service or other unspecified impact (CVE-2018-10675)
    
    * Kernel: FPU state information leakage via lazy FPU restore
    (CVE-2018-3665)
    
    * kernel: error in exception handling leads to DoS (CVE-2018-8897
    regression) (CVE-2018-10872)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Ken Johnson (Microsoft Security Response
    Center) and Jann Horn (Google Project Zero) for reporting
    CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher
    (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting
    CVE-2018-3665.
    
    Bug Fix(es) :
    
    * Previously, microcode updates on 32 and 64-bit AMD and Intel
    architectures were not synchronized. As a consequence, it was not
    possible to apply the microcode updates. This fix adds the
    synchronization to the microcode updates so that processors of the
    stated architectures receive updates at the same time. As a result,
    microcode updates are now synchronized. (BZ# 1574592)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-July/007874.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10675", "CVE-2018-10872", "CVE-2018-3639", "CVE-2018-3665");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2018-2164");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-754.2.1.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-754.2.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-754.2.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-754.2.1.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1023.NASL
    descriptionA weakness was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id110197
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110197
    titleAmazon Linux AMI : kernel (ALAS-2018-1023)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1023.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110197);
      script_version("1.7");
      script_cvs_date("Date: 2019/07/10 16:04:12");
    
      script_cve_id("CVE-2017-13215", "CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-10675", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-10901", "CVE-2018-1091", "CVE-2018-1108", "CVE-2018-7995", "CVE-2018-8897");
      script_xref(name:"ALAS", value:"2018-1023");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2018-1023)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A weakness was found in the Linux kernel's implementation of random
    seed data. Programs, early in the boot sequence, could use the data
    allocated for the seed before it was sufficiently generated.
    (CVE-2018-1108)
    
    A flaw was found in the way the Linux kernel handled exceptions
    delivered after a stack switch operation via Mov SS or Pop SS
    instructions. During the stack switch operation, the processor did not
    deliver interrupts and exceptions, rather they are delivered once the
    first instruction after the stack switch is executed. An unprivileged
    system user could use this flaw to crash the system kernel resulting
    in the denial of service. (CVE-2018-8897)
    
    A flaw was found in the Linux kernel's implementation of 32-bit
    syscall interface for bridging. This allowed a privileged user to
    arbitrarily write to a limited range of kernel memory. (CVE-2018-1068)
    
    The Linux kernel is vulerable to a use-after-free flaw when
    Transformation User configuration interface(CONFIG_XFRM_USER)
    compile-time configuration were enabled. This vulnerability occurs
    while closing a xfrm netlink socket in xfrm_dump_policy_done. A
    user/process could abuse this flaw to potentially escalate their
    privileges on a system. (CVE-2017-16939)
    
    A flaw was found in the Linux kernel where a crash can be triggered
    from unprivileged userspace during core dump on a POWER system with a
    certain configuration. This is due to a missing processor feature
    check and an erroneous use of transactional memory (TM) instructions
    in the core dump path leading to a denial of service.(CVE-2018-1091)
    
    An address corruption flaw was discovered in the Linux kernel built
    with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While
    modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
    unprivileged user/process could use this flaw to crash the system
    kernel resulting in DoS OR to potentially escalate privileges on a the
    system.(CVE-2018-1000199)
    
    A flaw was found in the way the Linux kernel's KVM hypervisor handled
    exceptions delivered after a stack switch operation via Mov SS or Pop
    SS instructions. During the stack switch operation, the processor did
    not deliver interrupts and exceptions, rather they are delivered once
    the first instruction after the stack switch is executed. An
    unprivileged KVM guest user could use this flaw to crash the guest or,
    potentially, escalate their privileges in the guest.(CVE-2018-1087)
    
    A flaw was found in the Linux kernel's skcipher component, which
    affects the skcipher_recvmsg function. Attackers using a specific
    input can lead to a privilege escalation.(CVE-2017-13215)
    
    The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel
    allows local users to hit a use-after-free bug via crafted system
    calls and thus cause a denial of service (DoS) or possibly have
    unspecified other impact. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out.(CVE-2018-10675)
    
    A flaw was found in Linux kernel's KVM virtualization subsystem. The
    VMX code does not restore the GDT.LIMIT to the previous host value,
    but instead sets it to 64KB. With a corrupted GDT limit a host's
    userspace code has an ability to place malicious entries in the GDT,
    particularly to the per-cpu variables. An attacker can use this to
    escalate their privileges.(CVE-2018-10901)
    
    A race condition in the store_int_with_restart() function in
    arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local
    users to cause a denial of service (panic) by leveraging root access
    to write to the check_interval file in a
    /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
    (CVE-2018-7995)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1023.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update kernel' then reboot the instance to update your
    system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.14.42-52.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.42-52.37.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-03-18
    modified2019-08-12
    plugin id127408
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127408
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0143. The text
    # itself is copyright (C) ZTE, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(127408);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id(
        "CVE-2016-9555",
        "CVE-2017-5753",
        "CVE-2017-5754",
        "CVE-2017-7308",
        "CVE-2017-8824",
        "CVE-2017-13166",
        "CVE-2017-1000112",
        "CVE-2018-3639",
        "CVE-2018-3693",
        "CVE-2018-5390",
        "CVE-2018-5391",
        "CVE-2018-10675",
        "CVE-2018-10901",
        "CVE-2018-14634"
      );
      script_bugtraq_id(
        102371,
        102378,
        104976,
        105407,
        106128
      );
    
      script_name(english:"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple
    vulnerabilities:
    
      - A flaw was found in the Linux kernel's implementation of
        the SCTP protocol. A remote attacker could trigger an
        out-of-bounds read with an offset of up to 64kB
        potentially causing the system to crash. (CVE-2016-9555)
    
      - An exploitable memory corruption flaw was found in the
        Linux kernel. The append path can be erroneously
        switched from UFO to non-UFO in ip_ufo_append_data()
        when building an UFO packet with MSG_MORE option. If
        unprivileged user namespaces are available, this flaw
        can be exploited to gain root privileges.
        (CVE-2017-1000112)
    
      - A bug in the 32-bit compatibility layer of the ioctl
        handling code of the v4l2 video driver in the Linux
        kernel has been found. A memory protection mechanism
        ensuring that user-provided buffers always point to a
        userspace memory were disabled, allowing destination
        address to be in a kernel space. This flaw could be
        exploited by an attacker to overwrite a kernel memory
        from an unprivileged userspace process, leading to
        privilege escalation. (CVE-2017-13166)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions (a commonly used performance
        optimization). There are three primary variants of the
        issue which differ in the way the speculative execution
        can be exploited. Variant CVE-2017-5753 triggers the
        speculative execution by performing a bounds-check
        bypass. It relies on the presence of a precisely-defined
        instruction sequence in the privileged code as well as
        the fact that memory accesses may cause allocation into
        the microprocessor's data cache even for speculatively
        executed instructions that never actually commit
        (retire). As a result, an unprivileged attacker could
        use this flaw to cross the syscall boundary and read
        privileged memory by conducting targeted cache side-
        channel attacks. (CVE-2017-5753)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions (a commonly used performance
        optimization). There are three primary variants of the
        issue which differ in the way the speculative execution
        can be exploited. Variant CVE-2017-5754 relies on the
        fact that, on impacted microprocessors, during
        speculative execution of instruction permission faults,
        exception generation triggered by a faulting access is
        suppressed until the retirement of the whole instruction
        block. In a combination with the fact that memory
        accesses may populate the cache even when the block is
        being dropped and never committed (executed), an
        unprivileged local attacker could use this flaw to read
        privileged (kernel space) memory by conducting targeted
        cache side-channel attacks. Note: CVE-2017-5754 affects
        Intel x86-64 microprocessors. AMD x86-64 microprocessors
        are not affected by this issue. (CVE-2017-5754)
    
      - It was found that the packet_set_ring() function of the
        Linux kernel's networking implementation did not
        properly validate certain block-size data. A local
        attacker with CAP_NET_RAW capability could use this flaw
        to trigger a buffer overflow resulting in a system crash
        or a privilege escalation. (CVE-2017-7308)
    
      - A use-after-free vulnerability was found in DCCP socket
        code affecting the Linux kernel since 2.6.16. This
        vulnerability could allow an attacker to their escalate
        privileges. (CVE-2017-8824)
    
      - The do_get_mempolicy() function in mm/mempolicy.c in the
        Linux kernel allows local users to hit a use-after-free
        bug via crafted system calls and thus cause a denial of
        service (DoS) or possibly have unspecified other impact.
        Due to the nature of the flaw, privilege escalation
        cannot be fully ruled out. (CVE-2018-10675)
    
      - A flaw was found in Linux kernel's KVM virtualization
        subsystem. The VMX code does not restore the GDT.LIMIT
        to the previous host value, but instead sets it to 64KB.
        With a corrupted GDT limit a host's userspace code has
        an ability to place malicious entries in the GDT,
        particularly to the per-cpu variables. An attacker can
        use this to escalate their privileges. (CVE-2018-10901)
    
      - An integer overflow flaw was found in the Linux kernel's
        create_elf_tables() function. An unprivileged local user
        with access to SUID (or otherwise privileged) binary
        could use this flaw to escalate their privileges on the
        system. (CVE-2018-14634)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of Load & Store instructions (a commonly used
        performance optimization). It relies on the presence of
        a precisely-defined instruction sequence in the
        privileged code as well as the fact that memory read
        from address to which a recent memory write has occurred
        may see an older value and subsequently cause an update
        into the microprocessor's data cache even for
        speculatively executed instructions that never actually
        commit (retire). As a result, an unprivileged attacker
        could use this flaw to read privileged memory by
        conducting targeted cache side-channel attacks.
        (CVE-2018-3639)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions past bounds check. The flaw
        relies on the presence of a precisely-defined
        instruction sequence in the privileged code and the fact
        that memory writes occur to an address which depends on
        the untrusted value. Such writes cause an update into
        the microprocessor's data cache even for speculatively
        executed instructions that never actually commit
        (retire). As a result, an unprivileged attacker could
        use this flaw to influence speculative execution and/or
        read privileged memory by conducting targeted cache
        side-channel attacks. (CVE-2018-3693)
    
      - A flaw named SegmentSmack was found in the way the Linux
        kernel handled specially crafted TCP packets. A remote
        attacker could use this flaw to trigger time and
        calculation expensive calls to tcp_collapse_ofo_queue()
        and tcp_prune_ofo_queue() functions by sending specially
        modified packets within ongoing TCP sessions which could
        lead to a CPU saturation and hence a denial of service
        on the system. Maintaining the denial of service
        condition requires continuous two-way TCP sessions to a
        reachable open port, thus the attacks cannot be
        performed using spoofed IP addresses. (CVE-2018-5390)
    
      - A flaw named FragmentSmack was found in the way the
        Linux kernel handled reassembly of fragmented IPv4 and
        IPv6 packets. A remote attacker could use this flaw to
        trigger time and calculation expensive fragment
        reassembly algorithm by sending specially crafted
        packets which could lead to a CPU saturation and hence a
        denial of service on the system. (CVE-2018-5391)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0143");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9555");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.05": [
        "kernel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-devel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-doc-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-firmware-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-headers-2.6.32-642.13.1.el6.cgsl7763",
        "perf-2.6.32-642.13.1.el6.cgsl7763",
        "perf-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "python-perf-2.6.32-642.13.1.el6.cgsl7763",
        "python-perf-debuginfo-2.6.32-642.13.1.el6.cgsl7763"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180710_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load &amp; Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-03-18
    modified2018-07-11
    plugin id111002
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111002
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180710) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2785.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. Bug Fix(es) : * On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into
    last seen2020-06-01
    modified2020-06-02
    plugin id117781
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117781
    titleRHEL 7 : kernel (RHSA-2018:2785)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1132.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566) - The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675) - The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124) - A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781) - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021) - A flaw was found in the Linux kernel
    last seen2020-06-10
    modified2018-05-29
    plugin id110136
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110136
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2384.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111727
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111727
    titleRHEL 7 : kernel (RHSA-2018:2384) (Foreshadow)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4214.NASL
    descriptionDescription of changes: [2.6.39-400.301.1.el6uek] - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id117513
    published2018-09-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117513
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4214) (Foreshadow)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3754-1.NASL
    descriptionRalf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11473) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112113
    published2018-08-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112113
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3586.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id119112
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119112
    titleRHEL 6 : MRG (RHSA-2018:3586)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1375-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110040
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110040
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0025_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of- bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3. (CVE-2017-11600) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127185
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127185
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1376-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110041
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110041
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1376-1) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1374-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive several security fixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110039
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110039
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2164.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111077
    published2018-07-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111077
    titleCentOS 6 : kernel (CESA-2018:2164) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2164.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111001
    published2018-07-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111001
    titleRHEL 6 : kernel (RHSA-2018:2164) (Spectre)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-041.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - The do_get_mempolicy() function in
    last seen2020-06-01
    modified2020-06-02
    plugin id110694
    published2018-06-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110694
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-041)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4211.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.24.1.el7uek] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022108] {CVE-2018-10675} - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459478] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481409] {CVE-2017-18344}
    last seen2020-06-01
    modified2020-06-02
    plugin id117446
    published2018-09-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117446
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4211)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2395.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111736
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111736
    titleRHEL 7 : kernel-rt (RHSA-2018:2395) (Foreshadow)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2924.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118163
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118163
    titleRHEL 6 : kernel (RHSA-2018:2924)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2791.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. Bug Fix(es) : * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the
    last seen2020-06-01
    modified2020-06-02
    plugin id117783
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117783
    titleRHEL 6 : kernel (RHSA-2018:2791)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0028_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (CVE-2015-2041) - net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (CVE-2015-2042) - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of- bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3. (CVE-2017-11600) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127192
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127192
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0028)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-994.NASL
    descriptionRace condition in the store_int_with_restart() function in cpu/mcheck/mce.c : A race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. (CVE-2018-7995) Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id109177
    published2018-04-20
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109177
    titleAmazon Linux 2 : kernel (ALAS-2018-994)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4114.NASL
    descriptionDescription of changes: [4.1.12-124.15.2.el7uek] - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639} - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639} - x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639} - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639} - proc: Use underscores for SSBD in
    last seen2020-06-01
    modified2020-06-02
    plugin id110071
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110071
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2933.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118165
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118165
    titleRHEL 6 : kernel (RHSA-2018:2933)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_183R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities: - A use after free vulnerability exists in the do_get_mempolicy function. An local attacker can exploit this to cause a denial of service condition. (CVE-2018-10675) - A malicious authenticated user may be able to delete a device from the Junos Space database without the privileges through crafted Ajax interactions from another legitimate delete action performed by an administrative user. (CVE-2019-0016) - A flaw in validity checking of image files uploaded to Junos Space could allow an attacker to upload malicious scripts or images. (CVE-2019-0017) Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id121067
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121067
    titleJuniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1368-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-01
    modified2020-06-02
    plugin id110035
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110035
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0223.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) (CVE-2018-3639) - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) (CVE-2018-3639) - x86/bugs: Make cpu_show_common static (Jiri Kosina) (CVE-2018-3639) - x86/bugs: Fix __ssb_select_mitigation return type (Jiri Kosina) (CVE-2018-3639) - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) (CVE-2018-3639) - proc: Use underscores for SSBD in
    last seen2020-06-01
    modified2020-06-02
    plugin id110072
    published2018-05-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110072
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0223) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3540.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118946
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118946
    titleRHEL 7 : kernel (RHSA-2018:3540)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2925.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118164
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118164
    titleRHEL 6 : kernel (RHSA-2018:2925)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2384.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111703
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111703
    titleCentOS 7 : kernel (CESA-2018:2384) (Foreshadow)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1471.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2889i1/4%0 - The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.(CVE-2014-4014i1/4%0 - The function drivers/usb/core/config.c in the Linux kernel, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.(CVE-2017-16531i1/4%0 - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.(CVE-2016-2545i1/4%0 - A flaw was found in the Linux kernel where the deletion of a file or directory could trigger an unmount and reveal data under a mount point. This flaw was inadvertently introduced with the new feature of being able to lazily unmount a mount tree when using file system user namespaces.(CVE-2015-4176i1/4%0 - The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669i1/4%0 - In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel, before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.(CVE-2017-18218i1/4%0 - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.(CVE-2014-0155i1/4%0 - A flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124795
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124795
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-063.NASL
    descriptionAccording to the versions of the OVMF / crit / criu / criu-devel / ksm-vz / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id112206
    published2018-08-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112206
    titleVirtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2384.NASL
    descriptionFrom Red Hat Security Advisory 2018:2384 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id111723
    published2018-08-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111723
    titleOracle Linux 7 : kernel (ELSA-2018-2384) (Foreshadow)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3590.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118947
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118947
    titleRHEL 7 : kernel (RHSA-2018:3590)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2274.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.(CVE-2018-13094)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.(CVE-2018-9363)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130736
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130736
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1507.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124) - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service.(CVE-2018-10322) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124830
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124830
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1507)

Redhat

advisories
  • rhsa
    idRHSA-2018:2164
  • rhsa
    idRHSA-2018:2384
  • rhsa
    idRHSA-2018:2395
  • rhsa
    idRHSA-2018:2785
  • rhsa
    idRHSA-2018:2791
  • rhsa
    idRHSA-2018:2924
  • rhsa
    idRHSA-2018:2925
  • rhsa
    idRHSA-2018:2933
  • rhsa
    idRHSA-2018:3540
  • rhsa
    idRHSA-2018:3586
  • rhsa
    idRHSA-2018:3590
rpms
  • kernel-0:2.6.32-754.2.1.el6
  • kernel-abi-whitelists-0:2.6.32-754.2.1.el6
  • kernel-bootwrapper-0:2.6.32-754.2.1.el6
  • kernel-debug-0:2.6.32-754.2.1.el6
  • kernel-debug-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-debug-devel-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.2.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.2.1.el6
  • kernel-devel-0:2.6.32-754.2.1.el6
  • kernel-doc-0:2.6.32-754.2.1.el6
  • kernel-firmware-0:2.6.32-754.2.1.el6
  • kernel-headers-0:2.6.32-754.2.1.el6
  • kernel-kdump-0:2.6.32-754.2.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-kdump-devel-0:2.6.32-754.2.1.el6
  • perf-0:2.6.32-754.2.1.el6
  • perf-debuginfo-0:2.6.32-754.2.1.el6
  • python-perf-0:2.6.32-754.2.1.el6
  • python-perf-debuginfo-0:2.6.32-754.2.1.el6
  • kernel-0:3.10.0-862.11.6.el7
  • kernel-abi-whitelists-0:3.10.0-862.11.6.el7
  • kernel-bootwrapper-0:3.10.0-862.11.6.el7
  • kernel-debug-0:3.10.0-862.11.6.el7
  • kernel-debug-debuginfo-0:3.10.0-862.11.6.el7
  • kernel-debug-devel-0:3.10.0-862.11.6.el7
  • kernel-debuginfo-0:3.10.0-862.11.6.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.11.6.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.11.6.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.11.6.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.11.6.el7
  • kernel-devel-0:3.10.0-862.11.6.el7
  • kernel-doc-0:3.10.0-862.11.6.el7
  • kernel-headers-0:3.10.0-862.11.6.el7
  • kernel-kdump-0:3.10.0-862.11.6.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.11.6.el7
  • kernel-kdump-devel-0:3.10.0-862.11.6.el7
  • kernel-tools-0:3.10.0-862.11.6.el7
  • kernel-tools-debuginfo-0:3.10.0-862.11.6.el7
  • kernel-tools-libs-0:3.10.0-862.11.6.el7
  • kernel-tools-libs-devel-0:3.10.0-862.11.6.el7
  • perf-0:3.10.0-862.11.6.el7
  • perf-debuginfo-0:3.10.0-862.11.6.el7
  • python-perf-0:3.10.0-862.11.6.el7
  • python-perf-debuginfo-0:3.10.0-862.11.6.el7
  • kernel-rt-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debug-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debug-devel-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-devel-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-doc-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-kvm-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-trace-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-trace-devel-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-862.11.6.rt56.819.el7
  • kernel-0:3.10.0-514.58.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.58.1.el7
  • kernel-bootwrapper-0:3.10.0-514.58.1.el7
  • kernel-debug-0:3.10.0-514.58.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.58.1.el7
  • kernel-debug-devel-0:3.10.0-514.58.1.el7
  • kernel-debuginfo-0:3.10.0-514.58.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.58.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.58.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.58.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.58.1.el7
  • kernel-devel-0:3.10.0-514.58.1.el7
  • kernel-doc-0:3.10.0-514.58.1.el7
  • kernel-headers-0:3.10.0-514.58.1.el7
  • kernel-kdump-0:3.10.0-514.58.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.58.1.el7
  • kernel-kdump-devel-0:3.10.0-514.58.1.el7
  • kernel-tools-0:3.10.0-514.58.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.58.1.el7
  • kernel-tools-libs-0:3.10.0-514.58.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.58.1.el7
  • perf-0:3.10.0-514.58.1.el7
  • perf-debuginfo-0:3.10.0-514.58.1.el7
  • python-perf-0:3.10.0-514.58.1.el7
  • python-perf-debuginfo-0:3.10.0-514.58.1.el7
  • kernel-0:2.6.32-358.93.1.el6
  • kernel-debug-0:2.6.32-358.93.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.93.1.el6
  • kernel-debug-devel-0:2.6.32-358.93.1.el6
  • kernel-debuginfo-0:2.6.32-358.93.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.93.1.el6
  • kernel-devel-0:2.6.32-358.93.1.el6
  • kernel-doc-0:2.6.32-358.93.1.el6
  • kernel-firmware-0:2.6.32-358.93.1.el6
  • kernel-headers-0:2.6.32-358.93.1.el6
  • perf-0:2.6.32-358.93.1.el6
  • perf-debuginfo-0:2.6.32-358.93.1.el6
  • python-perf-0:2.6.32-358.93.1.el6
  • python-perf-debuginfo-0:2.6.32-358.93.1.el6
  • kernel-0:2.6.32-504.76.2.el6
  • kernel-abi-whitelists-0:2.6.32-504.76.2.el6
  • kernel-debug-0:2.6.32-504.76.2.el6
  • kernel-debug-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-debug-devel-0:2.6.32-504.76.2.el6
  • kernel-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.76.2.el6
  • kernel-devel-0:2.6.32-504.76.2.el6
  • kernel-doc-0:2.6.32-504.76.2.el6
  • kernel-firmware-0:2.6.32-504.76.2.el6
  • kernel-headers-0:2.6.32-504.76.2.el6
  • perf-0:2.6.32-504.76.2.el6
  • perf-debuginfo-0:2.6.32-504.76.2.el6
  • python-perf-0:2.6.32-504.76.2.el6
  • python-perf-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-0:2.6.32-573.65.2.el6
  • kernel-abi-whitelists-0:2.6.32-573.65.2.el6
  • kernel-bootwrapper-0:2.6.32-573.65.2.el6
  • kernel-debug-0:2.6.32-573.65.2.el6
  • kernel-debug-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-debug-devel-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.65.2.el6
  • kernel-devel-0:2.6.32-573.65.2.el6
  • kernel-doc-0:2.6.32-573.65.2.el6
  • kernel-firmware-0:2.6.32-573.65.2.el6
  • kernel-headers-0:2.6.32-573.65.2.el6
  • kernel-kdump-0:2.6.32-573.65.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-kdump-devel-0:2.6.32-573.65.2.el6
  • perf-0:2.6.32-573.65.2.el6
  • perf-debuginfo-0:2.6.32-573.65.2.el6
  • python-perf-0:2.6.32-573.65.2.el6
  • python-perf-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-0:2.6.32-431.93.2.el6
  • kernel-abi-whitelists-0:2.6.32-431.93.2.el6
  • kernel-debug-0:2.6.32-431.93.2.el6
  • kernel-debug-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-debug-devel-0:2.6.32-431.93.2.el6
  • kernel-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.93.2.el6
  • kernel-devel-0:2.6.32-431.93.2.el6
  • kernel-doc-0:2.6.32-431.93.2.el6
  • kernel-firmware-0:2.6.32-431.93.2.el6
  • kernel-headers-0:2.6.32-431.93.2.el6
  • perf-0:2.6.32-431.93.2.el6
  • perf-debuginfo-0:2.6.32-431.93.2.el6
  • python-perf-0:2.6.32-431.93.2.el6
  • python-perf-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-0:3.10.0-693.43.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.43.1.el7
  • kernel-bootwrapper-0:3.10.0-693.43.1.el7
  • kernel-debug-0:3.10.0-693.43.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-debug-devel-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.43.1.el7
  • kernel-devel-0:3.10.0-693.43.1.el7
  • kernel-doc-0:3.10.0-693.43.1.el7
  • kernel-headers-0:3.10.0-693.43.1.el7
  • kernel-kdump-0:3.10.0-693.43.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-kdump-devel-0:3.10.0-693.43.1.el7
  • kernel-tools-0:3.10.0-693.43.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-tools-libs-0:3.10.0-693.43.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.43.1.el7
  • perf-0:3.10.0-693.43.1.el7
  • perf-debuginfo-0:3.10.0-693.43.1.el7
  • python-perf-0:3.10.0-693.43.1.el7
  • python-perf-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-rt-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-doc-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-firmware-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-0:3.10.0-327.76.1.el7
  • kernel-abi-whitelists-0:3.10.0-327.76.1.el7
  • kernel-debug-0:3.10.0-327.76.1.el7
  • kernel-debug-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-debug-devel-0:3.10.0-327.76.1.el7
  • kernel-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.76.1.el7
  • kernel-devel-0:3.10.0-327.76.1.el7
  • kernel-doc-0:3.10.0-327.76.1.el7
  • kernel-headers-0:3.10.0-327.76.1.el7
  • kernel-tools-0:3.10.0-327.76.1.el7
  • kernel-tools-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-tools-libs-0:3.10.0-327.76.1.el7
  • kernel-tools-libs-devel-0:3.10.0-327.76.1.el7
  • perf-0:3.10.0-327.76.1.el7
  • perf-debuginfo-0:3.10.0-327.76.1.el7
  • python-perf-0:3.10.0-327.76.1.el7
  • python-perf-debuginfo-0:3.10.0-327.76.1.el7

References