Vulnerabilities > CVE-2018-1068 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-1318.NASL description From Red Hat Security Advisory 2018:1318 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) * kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3431641 last seen 2020-06-01 modified 2020-06-02 plugin id 109665 published 2018-05-10 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109665 title Oracle Linux 7 : kernel (ELSA-2018-1318) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:1318 and # Oracle Linux Security Advisory ELSA-2018-1318 respectively. # include("compat.inc"); if (description) { script_id(109665); script_version("1.8"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-8897"); script_xref(name:"RHSA", value:"2018:1318"); script_name(english:"Oracle Linux 7 : kernel (ELSA-2018-1318)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2018:1318 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) * kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3431641" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2018-May/007683.html" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-8897"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2018-1318"); } else { __rpm_report = ksplice_reporting_text(); } } kernel_major_minor = get_kb_item("Host/uname/major_minor"); if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level."); expected_kernel_major_minor = "3.10"; if (kernel_major_minor != expected_kernel_major_minor) audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor); flag = 0; if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-862.2.3.el7")) flag++; if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-862.2.3.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1005-1.NASL description This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109254 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109254 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1005-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:1005-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109254); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1000004", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1005-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076017" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000004/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20181005-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c4edce14" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-690=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-690=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_57-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_57-xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_57-default-7-2.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_57-xen-7-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1014-1.NASL description This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109262 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109262 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1014-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:1014-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109262); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1000004", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1014-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076017" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000004/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20181014-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3d70814" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-691=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-691=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_60-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_60-xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_60-default-6-2.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_60-xen-6-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0999-1.NASL description This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109249 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109249 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0999-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0999-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109249); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1000004", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0999-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076017" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000004/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180999-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a0390f74" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2018-702=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_77-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_77-xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_77-default-9-2.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_77-xen-9-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1023.NASL description A weakness was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 110197 published 2018-05-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110197 title Amazon Linux AMI : kernel (ALAS-2018-1023) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1023. # include("compat.inc"); if (description) { script_id(110197); script_version("1.7"); script_cvs_date("Date: 2019/07/10 16:04:12"); script_cve_id("CVE-2017-13215", "CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-10675", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-10901", "CVE-2018-1091", "CVE-2018-1108", "CVE-2018-7995", "CVE-2018-8897"); script_xref(name:"ALAS", value:"2018-1023"); script_name(english:"Amazon Linux AMI : kernel (ALAS-2018-1023)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A weakness was found in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. (CVE-2018-1108) A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service. (CVE-2018-8897) A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. (CVE-2018-1068) The Linux kernel is vulerable to a use-after-free flaw when Transformation User configuration interface(CONFIG_XFRM_USER) compile-time configuration were enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system. (CVE-2017-16939) A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service.(CVE-2018-1091) An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system.(CVE-2018-1000199) A flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.(CVE-2018-1087) A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation.(CVE-2017-13215) The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675) A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.(CVE-2018-10901) A race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. (CVE-2018-7995)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2018-1023.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update kernel' then reboot the instance to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/24"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"kernel-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perf-4.14.42-52.37.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.42-52.37.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0786-1.NASL description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver. (bnc#1072865). - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the last seen 2020-06-01 modified 2020-06-02 plugin id 108649 published 2018-03-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108649 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0786-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0786-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(108649); script_version("1.5"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2017-15951", "CVE-2017-16644", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-17975", "CVE-2017-18174", "CVE-2017-18208", "CVE-2018-1000026", "CVE-2018-1068", "CVE-2018-8087"); script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0786-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver. (bnc#1072865). - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the 'negative' state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1062840 bnc#1065615). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). - CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure (bnc#1074426). - CVE-2017-18174: The amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-1000026: A insufficient input validation vulnerability in bnx2x network card driver could result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. (bnc#1079384). - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053). - CVE-2018-1068: Insufficient user provided offset checking in the ebtables compat code allowed local attackers to overwrite kernel memory and potentially execute code. (bsc#1085107) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1006867" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1015343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1020645" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022607" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1024376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027054" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1033587" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1034503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043441" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043725" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043726" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1062840" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065615" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1067118" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1068569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1069135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071306" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071892" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1072363" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1072689" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1072739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1072865" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1073401" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1073407" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1074198" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1074426" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1075087" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076982" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1077241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1077285" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1077513" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1077560" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1077779" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1078583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1078672" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1078673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1078787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079038" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079195" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079313" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079609" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079886" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080263" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080321" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080344" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080364" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080464" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080533" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080656" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080774" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1080851" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081134" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081431" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081436" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081437" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081491" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081498" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081512" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081514" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081681" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081735" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082089" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082299" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082373" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082478" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082632" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082795" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082864" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082993" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083048" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083086" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083409" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083494" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083548" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083750" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084041" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084397" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084610" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084772" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084888" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084926" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084928" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1084967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085015" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085045" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085047" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085053" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085054" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085056" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085224" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085239" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=863764" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=966170" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=966172" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=966328" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=969476" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=969477" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=975772" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=983145" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-15951/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16644/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16912/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-16913/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-17975/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-18174/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-18208/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000026/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-8087/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180786-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4c0c8a30" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2018-534=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-534=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-534=1 SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-534=1 SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2018-534=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-534=1 SUSE CaaS Platform ALL : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.120-94.17.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.120-94.17.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1026-1.NASL description This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109270 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109270 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1026-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:1026-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109270); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1026-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20181026-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d7d9bb13" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-695=1 SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-695=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_82-default-2-2.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_82-xen-2-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0993-1.NASL description This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109245 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109245 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0993-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0993-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109245); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1000004", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0993-1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1073230" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076017" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000004/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180993-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c055ff31" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-668=1 SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-668=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_74-92_35-default"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kgraft-patch-4_4_74-92_35-default-8-2.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Scientific Linux Local Security Checks NASL id SL_20180508_KERNEL_ON_SL7_X.NASL description Security Fix(es) : - Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) - Kernel: error in exception handling leads to DoS (CVE-2018-8897) - Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) - kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) - kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) - kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) last seen 2020-03-18 modified 2018-05-09 plugin id 109644 published 2018-05-09 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109644 title Scientific Linux Security Update : kernel on SL7.x x86_64 (20180508) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(109644); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2017-16939", "CVE-2018-1000199", "CVE-2018-1068", "CVE-2018-1087", "CVE-2018-1091", "CVE-2018-8897"); script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20180508)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) - Kernel: error in exception handling leads to DoS (CVE-2018-8897) - Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) - kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) - kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) - kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1805&L=scientific-linux-errata&F=&S=&P=1011 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1fbb7127" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-862.2.3.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-862.2.3.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1000-1.NASL description This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109250 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109250 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1000-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:1000-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109250); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2017-13166", "CVE-2018-1000004", "CVE-2018-1068", "CVE-2018-7566"); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1000-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1076017" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085114" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085447" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13166/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000004/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1068/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7566/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20181000-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45cf311b" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2018-706=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_89-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_89-xen"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_89-default-7-2.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_89-xen-7-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1256.NASL description According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 117565 published 2018-09-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117565 title EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1256) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZA-2018-014.NASL description According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received from the user space. A local user with enough privileges in the user and network namespaces could use that to trigger an out-of-bounds write to the kernel address space. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108565 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108565 title Virtuozzo 7 : readykernel-patch (VZA-2018-014) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0996-1.NASL description This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109248 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109248 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0996-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1003-1.NASL description This update for the Linux Kernel 4.4.114-92_67 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109252 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109252 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1003-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0995-1.NASL description This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109247 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109247 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0995-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1132.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566) - The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675) - The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124) - A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781) - The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allow a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions.(CVE-2018-10021) - A flaw was found in the Linux kernel last seen 2020-06-10 modified 2018-05-29 plugin id 110136 published 2018-05-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110136 title EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1132) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3674-1.NASL description It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Xingyuan Lin discovered that a out-of-bounds read existed in the USB Video Class (UVC) driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-0627). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110474 published 2018-06-12 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110474 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-3674-1) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZA-2018-015.NASL description According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that the implementation of ebtables in the kernel did not properly validate the offsets received from the user space. A local user with enough privileges in the user and network namespaces could use that to trigger an out-of-bounds write to the kernel address space. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108566 published 2018-03-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108566 title Virtuozzo 7 : readykernel-patch (VZA-2018-015) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1170.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the implementation of the last seen 2020-06-01 modified 2020-06-02 plugin id 125039 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125039 title RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1001-1.NASL description This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109251 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109251 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1001-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1369.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the last seen 2020-03-17 modified 2018-05-03 plugin id 109531 published 2018-05-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109531 title Debian DLA-1369-1 : linux security update (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0988-1.NASL description This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109240 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109240 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0988-1) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-971.NASL description Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 109133 published 2018-04-18 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109133 title Amazon Linux 2 : kernel (ALAS-2018-971) NASL family Fedora Local Security Checks NASL id FEDORA_2018-959AAC67A3.NASL description The 4.15.10 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108505 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108505 title Fedora 27 : kernel (2018-959aac67a3) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3654-1.NASL description Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110048 published 2018-05-23 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110048 title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, vulnerabilities (USN-3654-1) (Spectre) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3677-2.NASL description USN-3677-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110479 published 2018-06-12 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110479 title Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3677-2) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1007-1.NASL description This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109256 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109256 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1007-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-4109.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 109829 published 2018-05-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109829 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4109) (Meltdown) (Spectre) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0025_KERNEL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of- bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3. (CVE-2017-11600) - A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 127185 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127185 title NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0025) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1029-1.NASL description This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109271 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109271 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1029-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1010-1.NASL description This update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109259 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109259 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1010-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1031-1.NASL description This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109273 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109273 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1031-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1133.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203) - The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927) - A flaw was found in the Linux kernel last seen 2020-05-06 modified 2018-05-29 plugin id 110137 published 2018-05-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110137 title EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1133) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1009-1.NASL description This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109258 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109258 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1009-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1006-1.NASL description This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109255 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109255 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1006-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3656-1.NASL description Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110051 published 2018-05-23 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110051 title Ubuntu 16.04 LTS : linux-raspi2, linux-snapdragon vulnerabilities (USN-3656-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2018-0035.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0035 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 109158 published 2018-04-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109158 title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0994-1.NASL description This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109246 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109246 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0994-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-4071.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 109156 published 2018-04-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109156 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4187.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the last seen 2020-06-01 modified 2020-06-02 plugin id 109517 published 2018-05-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109517 title Debian DSA-4187-1 : linux - security update (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1021-1.NASL description This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109267 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109267 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1021-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-4110.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 109881 published 2018-05-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109881 title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4110) (Meltdown) (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0785-1.NASL description The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver was fixed. (bnc#1072865). - CVE-2017-15951: The KEYS subsystem did not correctly synchronize the actions of updating versus finding a key in the last seen 2020-06-01 modified 2020-06-02 plugin id 108648 published 2018-03-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108648 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0785-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1008-1.NASL description This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109257 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109257 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1008-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2366-1.NASL description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2017-13305: A information disclosure vulnerability existed in the encrypted-keys handling. (bnc#1094353). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-1130: A NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c kernel could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5803: An error in the last seen 2020-06-01 modified 2020-06-02 plugin id 111833 published 2018-08-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111833 title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2366-1) (Foreshadow) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1033-1.NASL description This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109275 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109275 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1033-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3677-1.NASL description It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110478 published 2018-06-12 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110478 title Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3677-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0834-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls (bnc#1084323). - CVE-2018-1066: Prevent NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled during session recovery (bnc#1083640). - CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel v4l2 video driver (bnc#1072865). - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation required that a USB device was attached over IP (bnc#1078674). - CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that already exists but is uninstantiated, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (bnc#1063416). - CVE-2017-18208: The madvise_willneed function kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user could have reset the pool size manually via ioctl concurrently, which may have lead UAF or out-of-bound access (bsc#1083483). - CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a denial of service (deadlock) via DIO requests (bnc#1083244). - CVE-2017-16644: The hdpvr_probe function allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The last seen 2020-06-01 modified 2020-06-02 plugin id 108705 published 2018-03-29 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108705 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0834-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1016-1.NASL description This update for the Linux Kernel 3.12.61-52_119 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109264 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109264 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1016-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1012-1.NASL description This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109261 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109261 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1012-1) NASL family Fedora Local Security Checks NASL id FEDORA_2018-296BF0C332.NASL description The 4.15.10 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-03-21 plugin id 108495 published 2018-03-21 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108495 title Fedora 26 : kernel (2018-296bf0c332) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-971.NASL description Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 108414 published 2018-03-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108414 title Amazon Linux AMI : kernel (ALAS-2018-971) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0028_KERNEL-RT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (CVE-2015-2041) - net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. (CVE-2015-2042) - The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of- bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3. (CVE-2017-11600) - A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 127192 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127192 title NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0028) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-994.NASL description Race condition in the store_int_with_restart() function in cpu/mcheck/mce.c : A race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. (CVE-2018-7995) Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c : A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 109177 published 2018-04-20 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109177 title Amazon Linux 2 : kernel (ALAS-2018-994) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1023-1.NASL description This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109268 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109268 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1023-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1260.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 117569 published 2018-09-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117569 title EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1260) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-1318.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) * kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3431641 last seen 2020-06-01 modified 2020-06-02 plugin id 110245 published 2018-05-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110245 title CentOS 7 : kernel (CESA-2018:1318) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2948.NASL description An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor last seen 2020-06-01 modified 2020-06-02 plugin id 118513 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118513 title RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0989-1.NASL description This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109241 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109241 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0989-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1034-1.NASL description This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109276 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109276 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1034-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3654-2.NASL description USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110049 published 2018-05-23 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110049 title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3654-2) (Spectre) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1023.NASL description A weakness was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 110196 published 2018-05-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110196 title Amazon Linux 2 : kernel (ALAS-2018-1023) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1355.NASL description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-862.2.3 source tree, which provides a number of bug fixes over the previous version. (BZ# 1549768) last seen 2020-06-01 modified 2020-06-02 plugin id 109642 published 2018-05-09 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109642 title RHEL 7 : kernel-rt (RHSA-2018:1355) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1018-1.NASL description This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109265 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109265 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1018-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1019-1.NASL description This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109266 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109266 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1019-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0992-1.NASL description This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109244 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109244 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0992-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0990-1.NASL description This update for the Linux Kernel 4.4.114-92_64 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109242 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109242 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0990-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0848-1.NASL description The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls (bnc#1084323). - CVE-2018-1066: Prevent NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled during session recovery (bnc#1083640). - CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel v4l2 video driver (bnc#1072865). - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation required that a USB device was attached over IP (bnc#1078674). - CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that already exists but is uninstantiated, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (bnc#1063416). - CVE-2017-18208: The madvise_willneed function kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user could have reset the pool size manually via ioctl concurrently, which may have lead UAF or out-of-bound access (bsc#1083483). - CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a denial of service (deadlock) via DIO requests (bnc#1083244). - CVE-2017-16644: The hdpvr_probe function allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The last seen 2020-06-01 modified 2020-06-02 plugin id 108748 published 2018-03-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108748 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0848-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2332-1.NASL description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728). - CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418). - CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234). - CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353). - CVE-2018-1130: A NULL pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904). - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2018-5803: An error in the last seen 2020-06-01 modified 2020-06-02 plugin id 111782 published 2018-08-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111782 title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2332-1) (Foreshadow) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-1318.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087) * Kernel: error in exception handling leads to DoS (CVE-2018-8897) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199) * kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3431641 last seen 2020-06-01 modified 2020-06-02 plugin id 109633 published 2018-05-09 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109633 title RHEL 7 : kernel (RHSA-2018:1318) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1011-1.NASL description This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109260 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109260 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1011-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-292.NASL description The openSUSE Leap 42.3 kernel was updated to 4.4.120 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a denial of service (memory consumption) by triggering an out-of-array error case (bnc#1085053). - CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver was fixed. (bnc#1072865). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-17975: Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label last seen 2020-06-05 modified 2018-03-23 plugin id 108577 published 2018-03-23 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108577 title openSUSE Security Update : the Linux Kernel (openSUSE-2018-292) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1030-1.NASL description This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: The Linux kernel had a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109272 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109272 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1030-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4188.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the last seen 2020-06-01 modified 2020-06-02 plugin id 109518 published 2018-05-02 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109518 title Debian DSA-4188-1 : linux - security update (Spectre) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1190.NASL description An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw was found in the implementation of the last seen 2020-06-01 modified 2020-06-02 plugin id 125192 published 2019-05-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125192 title RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4159.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Out-of-bounds heap access in xfrm (CVE-2017-7184) * kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * Kernel: page cache side channel attacks (CVE-2019-5489) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * IPv6 UDP inconsistent usage of UFO and HW checksums (BZ#1773816) * UDPv6 packets badly fragmented when ESP in use on devices supporting UFO (BZ#1774503) last seen 2020-06-01 modified 2020-06-02 plugin id 131980 published 2019-12-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131980 title RHEL 7 : kernel (RHSA-2019:4159) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1004-1.NASL description This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109253 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109253 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1004-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1025-1.NASL description This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109269 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109269 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1025-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1032-1.NASL description This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109274 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109274 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1032-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-1015-1.NASL description This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109263 published 2018-04-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109263 title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1015-1)
Redhat
| advisories |
| ||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6
- https://bugzilla.redhat.com/show_bug.cgi?id=1552048
- https://marc.info/?l=linux-netdev&m=152025888924151&w=2
- https://marc.info/?l=linux-netdev&m=152023808817590&w=2
- http://www.securityfocus.com/bid/103459
- https://www.debian.org/security/2018/dsa-4188
- https://www.debian.org/security/2018/dsa-4187
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://access.redhat.com/errata/RHSA-2018:1355
- https://access.redhat.com/errata/RHSA-2018:1318
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3677-2/
- https://usn.ubuntu.com/3677-1/
- https://usn.ubuntu.com/3674-2/
- https://usn.ubuntu.com/3674-1/
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://access.redhat.com/errata/RHSA-2019:4159