Vulnerabilities > CVE-2018-10877

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3871-4. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(121594);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
  script_xref(name:"USN", value:"3871-4");

  script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Wen Xu discovered that a use-after-free vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could
use this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10877)

Wen Xu discovered that an out-of-bounds write vulnerability existed in
the ext4 filesystem implementation in the Linux kernel. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-10878, CVE-2018-10882)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in
inode bodies. An attacker could use this to construct a malicious ext4
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-10880)

Wen Xu discovered that the ext4 file system implementation in the
Linux kernel could possibly perform an out of bounds write when
updating the journal for an inline file. An attacker could use this to
construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash). (CVE-2018-10883)

It was discovered that a race condition existed in the vsock address
family implementation of the Linux kernel that could lead to a
use-after-free condition. A local attacker in a guest virtual machine
could use this to expose sensitive information (host machine kernel
memory). (CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in
the KVM implementation of the Linux kernel, when handling interrupts
in environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the
kernel stack of an arbitrary task. A local attacker could use this to
expose sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel
did not properly flush the TLB when completing, potentially leaving
access to a physical page after it has been released to the page
allocator. A local attacker could use this to cause a denial of
service (system crash), expose sensitive information, or possibly
execute arbitrary code. (CVE-2018-18281)

Wei Wu discovered that the KVM implementation in the Linux kernel did
not properly ensure that ioapics were initialized. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2018-19407)

It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations.
An attacker with access to debugfs could use this to cause a denial of
service or possibly gain additional privileges. (CVE-2018-9516).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3871-4/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9516");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3871-4");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1027-gcp", pkgver:"4.15.0-1027.28~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1032-aws", pkgver:"4.15.0-1032.34~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-generic", pkgver:"4.15.0-45.48~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-generic-lpae", pkgver:"4.15.0-45.48~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-lowlatency", pkgver:"4.15.0-45.48~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1032.33")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1027.41")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1027.41")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.15.0.45.66")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-4.15-gcp / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3753-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(112112);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  script_xref(name:"USN", value:"3753-2");

  script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3753-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-3753-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that the generic SCSI driver in the Linux kernel did
not properly enforce permissions on kernel memory access. A local
attacker could use this to expose sensitive information or possibly
elevate privileges. (CVE-2017-13168)

Wen Xu discovered that a use-after-free vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could
use this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10877)

Wen Xu discovered that an out-of-bounds write vulnerability existed in
the ext4 filesystem implementation in the Linux kernel. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-10878, CVE-2018-10882)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly keep meta-data information consistent in some
situations. An attacker could use this to construct a malicious ext4
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-10881)

Shankara Pailoor discovered that the JFS filesystem implementation in
the Linux kernel contained a buffer overflow when handling extended
attributes. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly handle an error condition with a corrupted xfs
image. An attacker could use this to construct a malicious xfs image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid
file creation when performed by a non-member of the group. A local
attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in
the Linux kernel contained an integer overflow. A local attacker could
use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-13406).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3753-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-13168", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3753-2");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-1028-aws", pkgver:"4.4.0-1028.31")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-134-generic", pkgver:"4.4.0-134.160~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-134-generic-lpae", pkgver:"4.4.0-134.160~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-134-lowlatency", pkgver:"4.4.0-134.160~14.04.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1028.28")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae-lts-xenial", pkgver:"4.4.0.134.114")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lts-xenial", pkgver:"4.4.0.134.114")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency-lts-xenial", pkgver:"4.4.0.134.114")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2908-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(117824);
  script_version("1.5");
  script_cvs_date("Date: 2019/09/10 13:51:49");

  script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP1 kernel was updated receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2018-14634: Prevent integer overflow in create_elf_tables that
allowed a local attacker to exploit this vulnerability via a SUID-root
binary and obtain full root privileges (bsc#1108912)

CVE-2018-14617: Prevent NULL pointer dereference and panic in
hfsplus_lookup() when opening a file (that is purportedly a hard link)
in an hfs+ filesystem that has malformed catalog data, and is mounted
read-only without a metadata directory (bsc#1102870)

CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
yurex_read allowed local attackers to use user access read/writes to
crash the kernel or potentially escalate privileges (bsc#1106095)

CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
was caused by the way the overrun accounting works. Depending on
interval and expiry time values, the overrun can be larger than
INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a
local user to cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922)

CVE-2018-13093: Prevent NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occured because of a lack of proper
validation that cached inodes are free during allocation (bnc#1100001)

CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)

CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
that could have been used by local attackers to read kernel memory
(bnc#1107689)

CVE-2018-6555: The irda_setsockopt function allowed local users to
cause a denial of service (ias_object use-after-free and system crash)
or possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511)

CVE-2018-6554: Prevent memory leak in the irda_bind function that
allowed local users to cause a denial of service (memory consumption)
by repeatedly binding an AF_IRDA socket (bnc#1106509)

CVE-2018-10902: Protect against concurrent access to prevent double
realloc (double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status(). A malicious local attacker could have
used this for privilege escalation (bnc#1105322)

CVE-2018-10879: A local user could have caused a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified
other impact by renaming a file in a crafted ext4 filesystem image
(bsc#1099844)

CVE-2018-10883: A local user could have caused an out-of-bounds write
in jbd2_journal_dirty_metadata(), a denial of service, and a system
crash by mounting and operating on a crafted ext4 filesystem image
(bsc#1099863)

CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4
filesystem code when mounting and writing to a crafted ext4 image in
ext4_update_inline_data(). An attacker could have used this to cause a
system crash and a denial of service (bsc#1099845)

CVE-2018-10882: A local user could have caused an out-of-bound write,
a denial of service, and a system crash by unmounting a crafted ext4
filesystem image (bsc#1099849)

CVE-2018-10881: A local user could have caused an out-of-bound access
in ext4_get_group_info function, a denial of service, and a system
crash by mounting and operating on a crafted ext4 filesystem image
(bsc#1099864)

CVE-2018-10877: Prevent out-of-bound access in the
ext4_ext_drop_refs() function when operating on a crafted ext4
filesystem image (bsc#1099846)

CVE-2018-10876: A use-after-free was possible in
ext4_ext_remove_space() function when mounting and operating a crafted
ext4 image (bsc#1099811)

CVE-2018-10878: A local user could have caused an out-of-bounds write
and a denial of service or unspecified other impact by mounting and
operating a crafted ext4 filesystem image (bsc#1099813)

CVE-2018-10853: The KVM hypervisor did not check current
privilege(CPL) level while emulating unprivileged instructions. An
unprivileged guest user/process could have used this flaw to
potentially escalate privileges inside guest (bsc#1097104).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024788"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090534"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090955"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097108"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104818"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10853/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10876/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10877/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10878/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10879/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10880/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10881/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10882/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10883/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10902/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10940/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12896/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13093/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14617/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14634/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16276/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16658/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6554/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6555/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182908-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e50fcd04"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2018-2063=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2018-2063=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.104.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.104.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2858-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(117800);
  script_version("1.5");
  script_cvs_date("Date: 2019/09/10 13:51:49");

  script_cve_id("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-10940", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-15572", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-9363");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155
to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-13093: Prevent NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occured because of a lack of proper
validation that cached inodes are free during allocation (bnc#1100001)

CVE-2018-13095: Prevent denial of service (memory corruption and BUG)
that could have occurred for a corrupted xfs image upon encountering
an inode that is in extent format, but has more extents than fit in
the inode fork (bnc#1099999)

CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs
image after xfs_da_shrink_inode() is called with a NULL bp
(bnc#1100000)

CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
was caused by the way the overrun accounting works. Depending on
interval and expiry time values, the overrun can be larger than
INT_MAX, but the accounting is int based. This basically made the
accounting values, which are visible to user space via
timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a
local user to cause a denial of service (signed integer overflow) via
crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922)

CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
that could have been used by local attackers to read kernel memory
(bnc#1107689)

CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)

CVE-2018-6555: The irda_setsockopt function allowed local users to
cause a denial of service (ias_object use-after-free and system crash)
or possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511)

CVE-2018-6554: Prevent memory leak in the irda_bind function that
allowed local users to cause a denial of service (memory consumption)
by repeatedly binding an AF_IRDA socket (bnc#1106509)

CVE-2018-1129: A flaw was found in the way signature calculation was
handled by cephx authentication protocol. An attacker having access to
ceph cluster network who is able to alter the message payload was able
to bypass signature checks done by cephx protocol (bnc#1096748)

CVE-2018-1128: It was found that cephx authentication protocol did not
verify ceph clients correctly and was vulnerable to replay attack. Any
attacker having access to ceph cluster network who is able to sniff
packets on network can use this vulnerability to authenticate with
ceph service and perform actions allowed by ceph service (bnc#1096748)

CVE-2018-10938: A crafted network packet sent remotely by an attacker
forced the kernel to enter an infinite loop in the cipso_v4_optptr()
function leading to a denial-of-service (bnc#1106016)

CVE-2018-15572: The spectre_v2_select_mitigation function did not
always fill RSB upon a context switch, which made it easier for
attackers to conduct userspace-userspace spectreRSB attacks
(bnc#1102517)

CVE-2018-10902: Protect against concurrent access to prevent double
realloc (double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status(). A malicious local attacker could have
used this for privilege escalation (bnc#1105322).

CVE-2018-9363: Prevent buffer overflow in hidp_process_report
(bsc#1105292)

CVE-2018-10883: A local user could have caused an out-of-bounds write
in jbd2_journal_dirty_metadata(), a denial of service, and a system
crash by mounting and operating on a crafted ext4 filesystem image
(bsc#1099863)

CVE-2018-10879: A local user could have caused a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified
other impact by renaming a file in a crafted ext4 filesystem image
(bsc#1099844)

CVE-2018-10878: A local user could have caused an out-of-bounds write
and a denial of service or unspecified other impact by mounting and
operating a crafted ext4 filesystem image (bsc#1099813)

CVE-2018-10876: A use-after-free was possible in
ext4_ext_remove_space() function when mounting and operating a crafted
ext4 image (bsc#1099811)

CVE-2018-10877: Prevent out-of-bound access in the
ext4_ext_drop_refs() function when operating on a crafted ext4
filesystem image (bsc#1099846)

CVE-2018-10881: A local user could have caused an out-of-bound access
in ext4_get_group_info function, a denial of service, and a system
crash by mounting and operating on a crafted ext4 filesystem image
(bsc#1099864)

CVE-2018-10882: A local user could have caused an out-of-bound write,
a denial of service, and a system crash by unmounting a crafted ext4
filesystem image (bsc#1099849)

CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4
filesystem code when mounting and writing to a crafted ext4 image in
ext4_update_inline_data(). An attacker could have used this to cause a
system crash and a denial of service (bsc#1099845)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1015343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1017967"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1020412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1021121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024361"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1027968"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1030552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1033962"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1048317"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050431"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1053685"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1056596"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063646"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068075"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1069138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1078921"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1080157"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1089066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096254"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096748"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1098253"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1098822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099832"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100000"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1101822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1101841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102486"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102797"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104485"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104494"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105271"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105292"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105392"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106185"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106229"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106271"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106275"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106276"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106283"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106697"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106934"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107060"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107078"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107966"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=966170"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=966172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=969470"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=969476"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=969477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=970506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10876/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10877/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10878/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10879/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10880/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10881/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10882/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10883/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10902/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10938/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10940/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-1128/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-1129/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12896/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13093/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13094/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13095/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-15572/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16658/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6554/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6555/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-9363/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20182858-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?737e2176"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-2004=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-2004=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debugsource-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-devel-4.4.155-4.16.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-azure-4.4.155-4.16.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3754-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(112113);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  script_xref(name:"USN", value:"3754-1");

  script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Ralf Spenneberg discovered that the ext4 implementation in the Linux
kernel did not properly validate meta block groups. An attacker with
physical access could use this to specially craft an ext4 image that
causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that an information disclosure vulnerability existed
in the ACPI implementation of the Linux kernel. A local attacker could
use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a buffer overflow existed in the ACPI table
parsing implementation in the Linux kernel. A local attacker could use
this to construct a malicious ACPI table that, when loaded, caused a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-11473)

It was discovered that the generic SCSI driver in the Linux kernel did
not properly initialize data returned to user space in some
situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-14991)

It was discovered that a race condition existed in the packet fanout
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-15649)

Andrey Konovalov discovered that the Ultra Wide Band driver in the
Linux kernel did not properly check for an error condition. A
physically proximate attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2017-16526)

Andrey Konovalov discovered that the ALSA subsystem in the Linux
kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-16527)

Andrey Konovalov discovered that the ALSA subsystem in the Linux
kernel did not properly validate USB audio buffer descriptors. A
physically proximate attacker could use this cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-16529)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB interface association descriptors. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2017-16531)

Andrey Konovalov discovered that the usbtest device driver in the
Linux kernel did not properly validate endpoint metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-16532)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB HID descriptors. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2017-16533)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel
did not properly validate USB BOS metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered that the Conexant cx231xx USB video
capture driver in the Linux kernel did not properly validate interface
descriptors. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2017-16537)

It was discovered that the DM04/QQBOX USB driver in the Linux kernel
did not properly handle device attachment and warm-start. A physically
proximate attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2017-16538)

Andrey Konovalov discovered an out-of-bounds read in the GTCO
digitizer USB driver for the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-16643)

Andrey Konovalov discovered that the video4linux driver for Hauppauge
HD PVR USB devices in the Linux kernel did not properly handle some
error conditions. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-16644)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB
driver in the Linux kernel did not properly validate device
descriptors. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the QMI WWAN USB driver did not
properly validate device descriptors. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface
(VHCI) driver in the Linux kernel contained an information disclosure
vulnerability. A physically proximate attacker could use this to
expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux
kernel did not validate endpoint numbers. A remote attacker could use
this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux
kernel did not properly validate CMD_SUBMIT packets. A remote attacker
could use this to cause a denial of service (excessive memory
consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux
kernel contained a NULL pointer dereference error. A remote attacker
could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the core USB subsystem in the Linux kernel did
not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2017-17558)

It was discovered that an integer overflow existed in the perf
subsystem of the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2017-18255)

It was discovered that the keyring subsystem in the Linux kernel did
not properly prevent a user from creating keyrings for other users. A
local attacker could use this cause a denial of service or expose
sensitive information. (CVE-2017-18270)

Andy Lutomirski and Willy Tarreau discovered that the KVM
implementation in the Linux kernel did not properly emulate
instructions on the SS segment register. A local attacker in a guest
virtual machine could use this to cause a denial of service (guest OS
crash) or possibly gain administrative privileges in the guest OS.
(CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux
kernel improperly emulated certain instructions. A local attacker
could use this to obtain sensitive information (kernel memory).
(CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver
in the Linux kernel did not properly initialize memory related to
logging. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2017-5549)

Andrey Konovalov discovered an out-of-bounds access in the IPv6
Generic Routing Encapsulation (GRE) tunneling implementation in the
Linux kernel. An attacker could use this to possibly expose sensitive
information. (CVE-2017-5897)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel
did not properly set up a destructor in certain situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA)
subsystem in the Linux kernel. A local attacker could use this to
cause a denial of service (deadlock). (CVE-2017-6348)

Andy Lutomirski discovered that the KVM implementation in the Linux
kernel was vulnerable to a debug exception error when single-stepping
through a syscall. A local attacker in a non-Linux guest vm could
possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3
server implementations in the Linux kernel did not properly handle
certain long RPC replies. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2017-7645)

Pengfei Wang discovered that a race condition existed in the NXP
SAA7164 TV Decoder driver for the Linux kernel. A local attacker could
use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-8831)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device
driver in the Linux kernel contained race conditions when fetching
from the ring-buffer. A local attacker could use this to cause a
denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)

It was discovered that the wait4() system call in the Linux kernel did
not properly validate its arguments in some situations. A local
attacker could possibly use this to cause a denial of service.
(CVE-2018-10087)

It was discovered that the kill() system call implementation in the
Linux kernel did not properly validate its arguments in some
situations. A local attacker could possibly use this to cause a denial
of service. (CVE-2018-10124)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker
could use this to construct a malicious xfs image that, when mounted,
could cause a denial of service (system crash). (CVE-2018-10323)

Zhong Jiang discovered that a use-after-free vulnerability existed in
the NUMA memory policy implementation in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-10675)

Wen Xu discovered that a buffer overflow existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10877)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly keep meta-data information consistent in some
situations. An attacker could use this to construct a malicious ext4
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-10881)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 file system that
caused a denial of service (system crash) when mounted.
(CVE-2018-1092)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 filesystem that
caused a denial of service (system crash) when mounted.
(CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained
an incorrect bounds check. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-10940)

Shankara Pailoor discovered that the JFS filesystem implementation in
the Linux kernel contained a buffer overflow when handling extended
attributes. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly handle an error condition with a corrupted xfs
image. An attacker could use this to construct a malicious xfs image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid
file creation when performed by a non-member of the group. A local
attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in
the Linux kernel contained an integer overflow. A local attacker could
use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-13406)

Daniel Jiang discovered that a race condition existed in the ipv4 ping
socket implementation in the Linux kernel. A local privileged attacker
could use this to cause a denial of service (system crash).
(CVE-2017-2671)

It was discovered that an information leak existed in the generic SCSI
driver in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that a memory leak existed in the Serial Attached
SCSI (SAS) implementation in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (memory
exhaustion). (CVE-2018-10021).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3754-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3754-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic-lpae", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-lowlatency", pkgver:"3.13.0-157.207")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic", pkgver:"3.13.0.157.167")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae", pkgver:"3.13.0.157.167")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency", pkgver:"3.13.0.157.167")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1423-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(111165);
  script_version("1.7");
  script_cvs_date("Date: 2019/07/15 14:20:30");

  script_cve_id("CVE-2017-18255", "CVE-2017-5753", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-11506", "CVE-2018-12233", "CVE-2018-3639", "CVE-2018-5814");

  script_name(english:"Debian DLA-1423-1 : linux-4.9 new package (Spectre)");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a
supported upgrade path for systems that currently use kernel packages
from the 'jessie-backports' suite.

There is no need to upgrade systems using Linux 3.16, as that kernel
version will also continue to be supported in the LTS period.

This backport does not include the following binary packages :

hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev
linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip

Older versions of most of those are built from other source packages
in Debian 8.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5753

Further instances of code that was vulnerable to Spectre variant 1
(bounds-check bypass) have been mitigated.

CVE-2017-18255

It was discovered that the performance events subsystem did not
properly validate the value of the kernel.perf_cpu_time_max_percent
sysctl. Setting a large value could have an unspecified security
impact. However, only a privileged user can set this sysctl.

CVE-2018-1118

The syzbot software found that the vhost driver did not initialise
message buffers which would later be read by user processes. A user
with access to the /dev/vhost-net device could use this to read
sensitive information from the kernel or other users' processes.

CVE-2018-1120

Qualys reported that a user able to mount FUSE filesystems can create
a process such that when another process attempting to read its
command line will be blocked for an arbitrarily long time. This could
be used for denial of service, or to aid in exploiting a race
condition in the other program.

CVE-2018-1130

The syzbot software found that the DCCP implementation of sendmsg()
does not check the socket state, potentially leading to a NULL pointer
dereference. A local user could use this to cause a denial of service
(crash). 

CVE-2018-3639

Multiple researchers have discovered that Speculative Store Bypass
(SSB), a feature implemented in many processors, could be used to read
sensitive information from another context. In particular, code in a
software sandbox may be able to read sensitive information from
outside the sandbox. This issue is also known as Spectre variant 4.

This update allows the issue to be mitigated on some x86
processors by disabling SSB. This requires an update to the
processor's microcode, which is non-free. It may be included
in an update to the system BIOS or UEFI firmware, or in a
future update to the intel-microcode or amd64-microcode
packages.

Disabling SSB can reduce performance significantly, so by
default it is only done in tasks that use the seccomp
feature. Applications that require this mitigation should
request it explicitly through the prctl() system call. Users
can control where the mitigation is enabled with the
spec_store_bypass_disable kernel parameter.

CVE-2018-5814

Jakub Jirasek reported race conditions in the USB/IP host driver. A
malicious client could use this to cause a denial of service (crash or
memory corruption), and possibly to execute code, on a USB/IP server.

CVE-2018-10021

A physically present attacker who unplugs a SAS cable can cause a
denial of service (memory leak and WARN).

CVE-2018-10087, CVE-2018-10124

zhongjiang found that the wait4() and kill() system call
implementations did not check for the invalid pid value of INT_MIN. If
a user passed this value, the behaviour of the code was formally
undefined and might have had a security impact.

CVE-2018-10853

Andy Lutomirski and Mika Penttilä reported that KVM for x86
processors did not perform a necessary privilege check when emulating
certain instructions. This could be used by an unprivileged user in a
guest VM to escalate their privileges within the guest.

CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,
CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883

Wen Xu at SSLab, Gatech, reported that crafted ext4 filesystem images
could trigger a crash or memory corruption. A local user able to mount
arbitrary filesystems, or an attacker providing filesystems to be
mounted, could use this for denial of service or possibly for
privilege escalation.

CVE-2018-10940

Dan Carpenter reported that the optical disc driver (cdrom) does not
correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A
user with access to a cdrom device could use this to cause a denial of
service (crash).

CVE-2018-11506

Piotr Gabriel Kosinski and Daniel Shapira reported that the SCSI
optical disc driver (sr) did not allocate a sufficiently large buffer
for sense data. A user with access to a SCSI optical disc device that
can produce more than 64 bytes of sense data could use this to cause a
denial of service (crash or memory corruption), and possibly for
privilege escalation.

CVE-2018-12233

Shankara Pailoor reported that a crafted JFS filesystem image could
trigger a denial of service (memory corruption). This could possibly
also be used for privilege escalation.

CVE-2018-1000204

The syzbot software found that the SCSI generic driver (sg) would in
some circumstances allow reading data from uninitialised buffers,
which could include sensitive information from the kernel or other
tasks. However, only privileged users with the CAP_SYS_ADMIN or
CAP_SYS_RAWIO capability were allowed to do this, so this has little
or no security impact.

For Debian 8 'Jessie', these problems have been fixed in version
4.9.110-1~deb8u1. This update additionally fixes Debian bugs #860900,
#872907, #892057, #896775, #897590, and #898137; and includes many
more bug fixes from stable updates 4.9.89-4.9.110 inclusive.

We recommend that you upgrade your linux-4.9 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/linux-4.9"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:ND/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:X/RC:X");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/20");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.110-1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.110-1~deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4600.
#

include("compat.inc");

if (description)
{
  script_id(123961);
  script_version("1.5");
  script_cvs_date("Date: 2020/01/23");

  script_cve_id("CVE-2018-10877", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10882", "CVE-2019-3701");

  script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4600)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

kernel-uek
[3.8.13-118.32.1.el7uek]
- x86/fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Oleg 
Nesterov) [Orabug: 29012034]
- x86/fpu: Always allow FPU in interrupt if use_eager_fpu() (Oleg 
Nesterov) [Orabug: 29012034]
- x86/fpu: Fix 32-bit signal frame handling (Dave Hansen) [Orabug: 29012034]
- x86/fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Oleg 
Nesterov) [Orabug: 29012034]
- x86/fpu: Don't reset fpu_counter (Oleg Nesterov) [Orabug: 29012034]
- x86, fpu: Fix math_state_restore() race with kernel_fpu_begin() (Oleg 
Nesterov) [Orabug: 29012034]
- x86, fpu: Introduce per-cpu in_kernel_fpu state (Oleg Nesterov) 
[Orabug: 29012034]
- x86, fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Oleg 
Nesterov) [Orabug: 29012034]
- x86: Allow FPU to be used at interrupt time even with eagerfpu (Pekka 
Riikonen) [Orabug: 29012034]
- can: gw: ensure DLC boundaries after CAN frame modification (Oliver 
Hartkopp) [Orabug: 29215300] {CVE-2019-3701} {CVE-2019-3701}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore 
Ts'o) [Orabug: 29396713] {CVE-2018-10877} {CVE-2018-10877}
- ext4: always verify the magic number in xattr blocks (Theodore Ts'o) 
[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}
- ext4: add corruption check in ext4_xattr_set_entry() (Theodore Ts'o) 
[Orabug: 29437128] {CVE-2018-10879} {CVE-2018-10879}
- ext4: clear i_data in ext4_inode_info when removing inline data 
(Theodore Ts'o) [Orabug: 29540710] {CVE-2018-10881} {CVE-2018-10881}
- ext4: add more inode number paranoia checks (Theodore Ts'o) [Orabug: 
29545567] {CVE-2018-10882} {CVE-2018-10882}"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-April/008626.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-April/008627.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected unbreakable enterprise kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10877");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el6uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.32.1.el7uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-10877", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10882", "CVE-2019-3701");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-4600");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "3.8";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.32.1.el6uek-0.4.5-3.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.32.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.32.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.32.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.32.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.32.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.32.1.el6uek")) flag++;

if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.32.1.el7uek-0.4.5-3.el7")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.32.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.32.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.32.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.32.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.32.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.32.1.el7uek")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4575.
#

include("compat.inc");

if (description)
{
  script_id(122803);
  script_version("1.8");
  script_cvs_date("Date: 2020/02/05");

  script_cve_id("CVE-2017-17807", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-16862", "CVE-2018-18559", "CVE-2018-9568");

  script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4575)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

[4.1.12-124.26.1.el7uek]
- NFS: commit direct writes even if they fail partially (J. Bruce 
Fields) [Orabug: 28212440] - rds: update correct congestion map for 
loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look 
at the bg_flags field if it is valid (Theodore Ts'o) [Orabug: 29316684] 
{CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides 
(Somasundaram Krishnasamy) [Orabug: 29357643] - net: Set sk_prot_creator 
when cloning sockets to the right proto (Christoph Paasch) [Orabug: 
29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() 
(Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table don't overlap with bg 
descriptors (Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David 
Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) 
[Orabug: 29429855]

[4.1.12-124.25.4.el7uek]
- KEYS: add missing permission check for request_key() destination (Eric 
Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Don't permit request_key() to construct a new keyring (David 
Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (H&aring kon 
Bugge) [Orabug: 29318191] - bnxt_en: Fix TX timeout during netpoll. 
(Michael Chan) [Orabug: 29357977] - bnxt_en: Fix for system hang if 
request_irq fails (Vikas Gupta) [Orabug: 29357977] - bnxt_en: Fix 
firmware message delay loop regression. (Michael Chan) [Orabug: 
29357977] - bnxt_en: reduce timeout on initial HWRM calls (Andy 
Gospodarek) [Orabug: 29357977] - bnxt_en: Fix NULL pointer dereference 
at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977] - bnxt_en: Check 
valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 
29357977] - bnxt_en: Do not modify max IRQ count after RDMA driver 
requests/frees IRQs. (Michael Chan) [Orabug: 29357977] - mm: cleancache: 
fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 
29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 
29368048] - net/packet: fix a race in packet_bind() and 
packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore 
Ts'o) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}

[4.1.12-124.25.3.el7uek]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van 
Assche) [Orabug: 28766011] - uek-rpm: use multi-threaded xz compression 
for rpms (Alexander Burmashev) [Orabug: 29323635] - uek-rpm: optimize 
find-requires usage (Alexander Burmashev) [Orabug: 29323635] - 
find-debuginfo.sh: backport parallel files procession (Alexander 
Burmashev) [Orabug: 29323635] - KVM: SVM: Add MSR-based feature support 
for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]

[4.1.12-124.25.2.el7uek]
- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587] - slub: make 
->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592] - dtrace: 
support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-March/008522.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-March/008523.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected unbreakable enterprise kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9568");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-17807", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-16862", "CVE-2018-18559", "CVE-2018-9568");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-4575");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "4.1";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-4.1.12-124.26.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-124.26.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-124.26.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-124.26.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-124.26.1.el6uek")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-124.26.1.el6uek")) flag++;

if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.1.12-124.26.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-124.26.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-124.26.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-124.26.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-124.26.1.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-124.26.1.el7uek")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-618.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(123269);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/30");

  script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5391");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)");
  script_summary(english:"Check for the openSUSE-2019-618 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 15.0 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

  - CVE-2018-10853: A flaw was found in KVM in which certain
    instructions such as sgdt/sidt call segmented_write_std
    doesn't propagate access correctly. As such, during
    userspace induced exception, the guest can incorrectly
    assume that the exception happened in the kernel and
    panic (bnc#1097104).

  - CVE-2018-10876: A flaw was found in the ext4 filesystem
    code. A use-after-free is possible in
    ext4_ext_remove_space() function when mounting and
    operating a crafted ext4 image. (bnc#1099811)

  - CVE-2018-10877: Linux kernel ext4 filesystem is
    vulnerable to an out-of-bound access in the
    ext4_ext_drop_refs() function when operating on a
    crafted ext4 filesystem image. (bnc#1099846)

  - CVE-2018-10878: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bounds write and a
    denial of service or unspecified other impact is
    possible by mounting and operating a crafted ext4
    filesystem image. (bnc#1099813)

  - CVE-2018-10879: A flaw was found in the ext4 filesystem.
    A local user can cause a use-after-free in
    ext4_xattr_set_entry function and a denial of service or
    unspecified other impact may occur by renaming a file in
    a crafted ext4 filesystem image. (bnc#1099844)

  - CVE-2018-10880: Linux kernel is vulnerable to a
    stack-out-of-bounds write in the ext4 filesystem code
    when mounting and writing to a crafted ext4 image in
    ext4_update_inline_data(). An attacker could use this to
    cause a system crash and a denial of service.
    (bnc#1099845)

  - CVE-2018-10881: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bound access in
    ext4_get_group_info function, a denial of service, and a
    system crash by mounting and operating on a crafted ext4
    filesystem image. (bnc#1099864)

  - CVE-2018-10882: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bound write in in
    fs/jbd2/transaction.c code, a denial of service, and a
    system crash by unmounting a crafted ext4 filesystem
    image. (bnc#1099849)

  - CVE-2018-10883: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bounds write in
    jbd2_journal_dirty_metadata(), a denial of service, and
    a system crash by mounting and operating on a crafted
    ext4 filesystem image. (bnc#1099863)

  - CVE-2018-3620: Systems with microprocessors utilizing
    speculative execution and address translations may allow
    unauthorized disclosure of information residing in the
    L1 data cache to an attacker with local user access via
    a terminal page fault and a side-channel analysis
    (bnc#1087081).

  - CVE-2018-3646: Systems with microprocessors utilizing
    speculative execution and address translations may allow
    unauthorized disclosure of information residing in the
    L1 data cache to an attacker with local user access with
    guest OS privilege via a terminal page fault and a
    side-channel analysis (bnc#1089343 bnc#1104365).

  - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP
    packet reassembly could be used by remote attackers to
    consume lots of CPU time (bnc#1103097).

The following non-security bugs were fixed :

  - afs: Fix directory permissions check (bsc#1101828).

  - bdi: Move cgroup bdi_writeback to a dedicated low
    concurrency workqueue (bsc#1101867).

  - be2net: gather debug info and reset adapter (only for
    Lancer) on a tx-timeout (bsc#1086288).

  - be2net: Update the driver version to 12.0.0.0
    (bsc#1086288 ).

  - befs_lookup(): use d_splice_alias() (bsc#1101844).

  - block: Fix transfer when chunk sectors exceeds max
    (bsc#1101874).

  - bpf, ppc64: fix unexpected r0=0 exit path inside
    bpf_xadd (bsc#1083647).

  - branch-check: fix long->int truncation when profiling
    branches (bsc#1101116,).

  - cdrom: do not call check_disk_change() inside
    cdrom_open() (bsc#1101872).

  - compiler.h: enable builtin overflow checkers and add
    fallback code (bsc#1101116,).

  - cpu/hotplug: Make bringup/teardown of smp threads
    symmetric (bsc#1089343).

  - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).

  - cpu/hotplug: Split do_cpu_down() (bsc#1089343).

  - delayacct: fix crash in delayacct_blkio_end() after
    delayacct init failure (bsc#1104066).

  - dm: add writecache target (bsc#1101116,).

  - dm writecache: support optional offset for start of
    device (bsc#1101116,).

  - dm writecache: use 2-factor allocator arguments
    (bsc#1101116,).

  - EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[]
    (bsc#1103886).

  - EDAC: Drop duplicated array of strings for memory type
    names (bsc#1103886).

  - ext2: fix a block leak (bsc#1101875).

  - ext4: add more mount time checks of the superblock
    (bsc#1101900).

  - ext4: bubble errors from ext4_find_inline_data_nolock()
    up to ext4_iget() (bsc#1101896).

  - ext4: check for allocation block validity with block
    group locked (bsc#1104495).

  - ext4: check superblock mapped prior to committing
    (bsc#1101902).

  - ext4: do not update s_last_mounted of a frozen fs
    (bsc#1101841).

  - ext4: factor out helper ext4_sample_last_mounted()
    (bsc#1101841).

  - ext4: fix check to prevent initializing reserved inodes
    (bsc#1104319).

  - ext4: fix false negatives *and* false positives in
    ext4_check_descriptors() (bsc#1103445).

  - ext4: fix fencepost error in check for inode count
    overflow during resize (bsc#1101853).

  - ext4: fix inline data updates with checksums enabled
    (bsc#1104494).

  - ext4: include the illegal physical block in the bad map
    ext4_error msg (bsc#1101903).

  - ext4: report delalloc reserve as non-free in statfs for
    project quota (bsc#1101843).

  - ext4: update mtime in ext4_punch_hole even if no blocks
    are released (bsc#1101895).

  - f2fs: call unlock_new_inode() before d_instantiate()
    (bsc#1101837).

  - fix io_destroy()/aio_complete() race (bsc#1101852).

  - Force log to disk before reading the AGF during a fstrim
    (bsc#1101893).

  - fscache: Fix hanging wait on page discarded by writeback
    (bsc#1101885).

  - fs: clear writeback errors in inode_init_always
    (bsc#1101882).

  - fs: do not scan the inode cache before SB_BORN is set
    (bsc#1101883).

  - hns3: fix unused function warning (bsc#1104353).

  - hns3pf: do not check handle during mqprio offload
    (bsc#1104353 ).

  - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353).

  - hns3pf: Fix some harmless copy and paste bugs
    (bsc#1104353 ).

  - hv_netvsc: Fix napi reschedule while receive completion
    is busy ().

  - hv/netvsc: Fix NULL dereference at single queue mode
    fallback (bsc#1104708).

  - hwmon: (asus_atk0110) Replace deprecated device register
    call (bsc#1103363).

  - IB/hns: Annotate iomem pointers correctly (bsc#1104427
    ).

  - IB/hns: Avoid compile test under non 64bit environments
    (bsc#1104427).

  - IB/hns: Declare local functions 'static' (bsc#1104427 ).

  - IB/hns: fix boolreturn.cocci warnings (bsc#1104427).

  - IB/hns: Fix for checkpatch.pl comment style warnings
    (bsc#1104427).

  - IB/hns: fix memory leak on ah on error return path
    (bsc#1104427 ).

  - IB/hns: fix returnvar.cocci warnings (bsc#1104427).

  - IB/hns: fix semicolon.cocci warnings (bsc#1104427).

  - IB/hns: Fix the bug of polling cq failed for loopback
    Qps (bsc#1104427). Refresh
    patches.suse/0001-IB-hns-checking-for-IS_ERR-instead-of-
    NULL.patch.

  - IB/hns: Fix the bug with modifying the MAC address
    without removing the driver (bsc#1104427).

  - IB/hns: Fix the bug with rdma operation (bsc#1104427 ).

  - IB/hns: Fix the bug with wild pointer when destroy rc qp
    (bsc#1104427).

  - IB/hns: include linux/interrupt.h (bsc#1104427).

  - IB/hns: Support compile test for hns RoCE driver
    (bsc#1104427 ).

  - IB/hns: Use zeroing memory allocator instead of
    allocator/memset (bsc#1104427).

  - isofs: fix potential memory leak in mount option parsing
    (bsc#1101887).

  - jump_label: Fix concurrent static_key_enable/disable()
    (bsc#1089343).

  - jump_label: Provide hotplug context variants
    (bsc#1089343).

  - jump_label: Reorder hotplug lock and jump_label_lock
    (bsc#1089343).

  - kabi/severities: Allow kABI changes for kvm/x86 (except
    for kvm_x86_ops)

  - kabi/severities: ignore qla2xxx as all symbols are
    internal

  - kabi/severities: ignore x86_kvm_ops; lttng-modules would
    have to be adjusted in case they depend on this
    particular change

  - kabi/severities: Relax kvm_vcpu_* kABI breakage

  - media: rc: oops in ir_timer_keyup after device unplug
    (bsc#1090888).

  - mm: fix __gup_device_huge vs unmap (bsc#1101839).

  - net: hns3: Add a check for client instance init state
    (bsc#1104353).

  - net: hns3: add a mask initialization for mac_vlan table
    (bsc#1104353).

  - net: hns3: Add *Asserting Reset* mailbox message &
    handling in VF (bsc#1104353).

  - net: hns3: add Asym Pause support to phy default
    features (bsc#1104353).

  - net: hns3: Add dcb netlink interface for the support of
    DCB feature (bsc#1104353).

  - net: hns3: Add DCB support when interacting with network
    stack (bsc#1104353).

  - net: hns3: Add ethtool interface for vlan filter
    (bsc#1104353 ).

  - net: hns3: add ethtool_ops.get_channels support for VF
    (bsc#1104353).

  - net: hns3: add ethtool_ops.get_coalesce support to PF
    (bsc#1104353).

  - net: hns3: add ethtool_ops.set_coalesce support to PF
    (bsc#1104353).

  - net: hns3: add ethtool -p support for fiber port
    (bsc#1104353 ).

  - net: hns3: add ethtool related offload command
    (bsc#1104353 ).

  - net: hns3: Add Ethtool support to HNS3 driver
    (bsc#1104353 ).

  - net: hns3: add existence checking before adding unicast
    mac address (bsc#1104353).

  - net: hns3: add existence check when remove old uc mac
    address (bsc#1104353).

  - net: hns3: add feature check when feature changed
    (bsc#1104353 ).

  - net: hns3: add get_link support to VF (bsc#1104353).

  - net: hns3: add get/set_coalesce support to VF
    (bsc#1104353 ).

  - net: hns3: add handling vlan tag offload in bd
    (bsc#1104353 ).

  - net: hns3: Add hclge_dcb module for the support of DCB
    feature (bsc#1104353).

  - net: hns3: Add HNS3 Acceleration Engine & Compatibility
    Layer Support (bsc#1104353).

  - net: hns3: Add HNS3 driver to kernel build framework &
    MAINTAINERS (bsc#1104353).

  - net: hns3: Add hns3_get_handle macro in hns3 driver
    (bsc#1104353 ).

  - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd
    Interface Support (bsc#1104353).

  - net: hns3: Add HNS3 VF driver to kernel build framework
    (bsc#1104353).

  - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer)
    Support (bsc#1104353).

  - net: hns3: Add HNS3 VF IMP(Integrated Management Proc)
    cmd interface (bsc#1104353).

  - net: hns3: add int_gl_idx setup for TX and RX queues
    (bsc#1104353).

  - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ).

  - net: hns3: Add mac loopback selftest support in hns3
    driver (bsc#1104353).

  - net: hns3: Add mailbox interrupt handling to PF driver
    (bsc#1104353).

  - net: hns3: Add mailbox support to PF driver (bsc#1104353
    ).

  - net: hns3: Add mailbox support to VF driver (bsc#1104353
    ).

  - net: hns3: add manager table initialization for hardware
    (bsc#1104353).

  - net: hns3: Add MDIO support to HNS3 Ethernet driver for
    hip08 SoC (bsc#1104353).

  - net: hns3: Add missing break in misc_irq_handle
    (bsc#1104353 ).

  - net: hns3: Add more packet size statisctics (bsc#1104353
    ).

  - net: hns3: add MTU initialization for hardware
    (bsc#1104353 ).

  - net: hns3: add net status led support for fiber port
    (bsc#1104353).

  - net: hns3: add nic_client check when initialize roce
    base information (bsc#1104353).

  - net: hns3: add querying speed and duplex support to VF
    (bsc#1104353).

  - net: hns3: Add repeat address checking for setting mac
    address (bsc#1104353).

  - net: hns3: Add reset interface implementation in client
    (bsc#1104353).

  - net: hns3: Add reset process in hclge_main (bsc#1104353
    ).

  - net: hns3: Add reset service task for handling reset
    requests (bsc#1104353).

  - net: hns3: add result checking for VF when modify
    unicast mac address (bsc#1104353).

  - net: hns3: Add some interface for the support of DCB
    feature (bsc#1104353).

  - net: hns3: Adds support for led locate command for
    copper port (bsc#1104353).

  - net: hns3: Add STRP_TAGP field support for hardware
    revision 0x21 (bsc#1104353).

  - net: hns3: Add support for dynamically buffer
    reallocation (bsc#1104353).

  - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ).

  - net: hns3: add support for get_regs (bsc#1104353).

  - net: hns3: Add support for IFF_ALLMULTI flag
    (bsc#1104353 ).

  - net: hns3: Add support for misc interrupt (bsc#1104353
    ).

  - net: hns3: add support for nway_reset (bsc#1104353).

  - net: hns3: Add support for PFC setting in TM module
    (bsc#1104353 ).

  - net: hns3: Add support for port shaper setting in TM
    module (bsc#1104353).

  - net: hns3: add support for querying advertised pause
    frame by ethtool ethx (bsc#1104353).

  - net: hns3: add support for querying pfc puase packets
    statistic (bsc#1104353).

  - net: hns3: add support for set_link_ksettings
    (bsc#1104353 ).

  - net: hns3: add support for set_pauseparam (bsc#1104353
    ).

  - net: hns3: add support for set_ringparam (bsc#1104353 ).

  - net: hns3: add support for set_rxnfc (bsc#1104353).

  - net: hns3: Add support for tx_accept_tag2 and
    tx_accept_untag2 config (bsc#1104353).

  - net: hns3: add support for VF driver inner interface
    hclgevf_ops.get_tqps_and_rss_info (bsc#1104353).

  - net: hns3: Add support of hardware rx-vlan-offload to
    HNS3 VF driver (bsc#1104353).

  - net: hns3: Add support of HNS3 Ethernet Driver for hip08
    SoC (bsc#1104353).

  - net: hns3: Add support of .sriov_configure in HNS3
    driver (bsc#1104353).

  - net: hns3: Add support of the HNAE3 framework
    (bsc#1104353 ).

  - net: hns3: Add support of TX Scheduler & Shaper to HNS3
    driver (bsc#1104353).

  - net: hns3: Add support to change MTU in HNS3 hardware
    (bsc#1104353).

  - net: hns3: Add support to enable TX/RX promisc mode for
    H/W rev(0x21) (bsc#1104353).

  - net: hns3: add support to modify tqps number
    (bsc#1104353 ).

  - net: hns3: add support to query tqps number (bsc#1104353
    ).

  - net: hns3: Add support to re-initialize the hclge device
    (bsc#1104353).

  - net: hns3: Add support to request VF Reset to PF
    (bsc#1104353 ).

  - net: hns3: Add support to reset the enet/ring mgmt layer
    (bsc#1104353).

  - net: hns3: add support to update flow control settings
    after autoneg (bsc#1104353).

  - net: hns3: Add tc-based TM support for sriov enabled
    port (bsc#1104353).

  - net: hns3: Add timeout process in hns3_enet (bsc#1104353
    ).

  - net: hns3: Add VF Reset device state and its handling
    (bsc#1104353).

  - net: hns3: Add VF Reset Service Task to support event
    handling (bsc#1104353).

  - net: hns3: add vlan offload config command (bsc#1104353
    ).

  - net: hns3: change GL update rate (bsc#1104353).

  - net: hns3: Change PF to add ring-vect binding & resetQ
    to mailbox (bsc#1104353).

  - net: hns3: Change return type of hnae3_register_ae_algo
    (bsc#1104353).

  - net: hns3: Change return type of hnae3_register_ae_dev
    (bsc#1104353).

  - net: hns3: Change return value in hnae3_register_client
    (bsc#1104353).

  - net: hns3: Changes required in PF mailbox to support VF
    reset (bsc#1104353).

  - net: hns3: Changes to make enet watchdog timeout func
    common for PF/VF (bsc#1104353).

  - net: hns3: Changes to support ARQ(Asynchronous Receive
    Queue) (bsc#1104353).

  - net: hns3: change the returned tqp number by ethtool -x
    (bsc#1104353).

  - net: hns3: change the time interval of int_gl
    calculating (bsc#1104353).

  - net: hns3: change the unit of GL value macro
    (bsc#1104353 ).

  - net: hns3: change TM sched mode to TC-based mode when
    SRIOV enabled (bsc#1104353).

  - net: hns3: check for NULL function pointer in
    hns3_nic_set_features (bsc#1104353).

  - net: hns3: Cleanup for endian issue in hns3 driver
    (bsc#1104353 ).

  - net: hns3: Cleanup for non-static function in hns3
    driver (bsc#1104353).

  - net: hns3: Cleanup for ROCE capability flag in ae_dev
    (bsc#1104353).

  - net: hns3: Cleanup for shifting true in hns3 driver
    (bsc#1104353 ).

  - net: hns3: Cleanup for struct that used to send cmd to
    firmware (bsc#1104353).

  - net: hns3: Cleanup indentation for Kconfig in the the
    hisilicon folder (bsc#1104353).

  - net: hns3: cleanup mac auto-negotiation state query
    (bsc#1104353 ).

  - net: hns3: cleanup mac auto-negotiation state query in
    hclge_update_speed_duplex (bsc#1104353).

  - net: hns3: cleanup of return values in
    hclge_init_client_instance() (bsc#1104353).

  - net: hns3: Clear TX/RX rings when stopping port &
    un-initializing client (bsc#1104353).

  - net: hns3: Consistently using GENMASK in hns3 driver
    (bsc#1104353).

  - net: hns3: converting spaces into tabs to avoid
    checkpatch.pl warning (bsc#1104353).

  - net: hns3: Disable VFs change rxvlan offload status
    (bsc#1104353 ).

  - net: hns3: Disable vf vlan filter when vf vlan table is
    full (bsc#1104353).

  - net: hns3: ensure media_type is uninitialized
    (bsc#1104353 ).

  - net: hns3: export pci table of hclge and hclgevf to
    userspace (bsc#1104353).

  - net: hns3: fix a bug about hns3_clean_tx_ring
    (bsc#1104353 ).

  - net: hns3: fix a bug for phy supported feature
    initialization (bsc#1104353).

  - net: hns3: fix a bug in hclge_uninit_client_instance
    (bsc#1104353).

  - net: hns3: fix a bug in hns3_driv_to_eth_caps
    (bsc#1104353 ).

  - net: hns3: fix a bug when alloc new buffer (bsc#1104353
    ).

  - net: hns3: fix a bug when getting phy address from
    NCL_config file (bsc#1104353).

  - net: hns3: fix a dead loop in hclge_cmd_csq_clean
    (bsc#1104353 ).

  - net: hns3: fix a handful of spelling mistakes
    (bsc#1104353 ).

  - net: hns3: Fix a loop index error of tqp statistics
    query (bsc#1104353).

  - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ).

  - net: hns3: Fix an error handling path in
    'hclge_rss_init_hw()' (bsc#1104353).

  - net: hns3: Fix an error macro definition of
    HNS3_TQP_STAT (bsc#1104353).

  - net: hns3: Fix an error of total drop packet statistics
    (bsc#1104353).

  - net: hns3: Fix a response data read error of tqp
    statistics query (bsc#1104353).

  - net: hns3: fix endian issue when PF get mbx message flag
    (bsc#1104353).

  - net: hns3: fix error type definition of return value
    (bsc#1104353).

  - net: hns3: Fixes API to fetch ethernet header length
    with kernel default (bsc#1104353).

  - net: hns3: Fixes error reported by Kbuild and internal
    review (bsc#1104353).

  - net: hns3: Fixes initalization of RoCE handle and makes
    it conditional (bsc#1104353).

  - net: hns3: Fixes initialization of phy address from
    firmware (bsc#1104353).

  - net: hns3: Fixes kernel panic issue during rmmod hns3
    driver (bsc#1104353).

  - net: hns3: Fixes ring-to-vector map-and-unmap command
    (bsc#1104353).

  - net: hns3: Fixes the back pressure setting when sriov is
    enabled (bsc#1104353).

  - net: hns3: Fixes the command used to unmap ring from
    vector (bsc#1104353).

  - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353
    ).

  - net: hns3: Fixes the error legs in hclge_init_ae_dev
    function (bsc#1104353).

  - net: hns3: Fixes the ether address copy with appropriate
    API (bsc#1104353).

  - net: hns3: Fixes the initialization of MAC address in
    hardware (bsc#1104353).

  - net: hns3: Fixes the init of the VALID BD info in the
    descriptor (bsc#1104353).

  - net: hns3: Fixes the missing PCI iounmap for various
    legs (bsc#1104353).

  - net: hns3: Fixes the missing u64_stats_fetch_begin_irq
    in 64-bit stats fetch (bsc#1104353).

  - net: hns3: Fixes the out of bounds access in
    hclge_map_tqp (bsc#1104353).

  - net: hns3: Fixes the premature exit of loop when
    matching clients (bsc#1104353).

  - net: hns3: fixes the ring index in hns3_fini_ring
    (bsc#1104353 ).

  - net: hns3: Fixes the state to indicate client-type
    initialization (bsc#1104353).

  - net: hns3: Fixes the static checker error warning in
    hns3_get_link_ksettings() (bsc#1104353).

  - net: hns3: Fixes the static check warning due to missing
    unsupp L3 proto check (bsc#1104353).

  - net: hns3: Fixes the wrong IS_ERR check on the returned
    phydev value (bsc#1104353).

  - net: hns3: fix for buffer overflow smatch warning
    (bsc#1104353 ).

  - net: hns3: fix for changing MTU (bsc#1104353).

  - net: hns3: fix for cleaning ring problem (bsc#1104353 ).

  - net: hns3: Fix for CMDQ and Misc. interrupt init order
    problem (bsc#1104353).

  - net: hns3: fix for coal configuation lost when setting
    the channel (bsc#1104353).

  - net: hns3: fix for coalesce configuration lost during
    reset (bsc#1104353).

  - net: hns3: Fix for deadlock problem occurring when
    unregistering ae_algo (bsc#1104353).

  - net: hns3: Fix for DEFAULT_DV when dev does not support
    DCB (bsc#1104353).

  - net: hns3: Fix for fiber link up problem (bsc#1104353 ).

  - net: hns3: fix for getting advertised_caps in
    hns3_get_link_ksettings (bsc#1104353).

  - net: hns3: fix for getting autoneg in
    hns3_get_link_ksettings (bsc#1104353).

  - net: hns3: fix for getting auto-negotiation state in
    hclge_get_autoneg (bsc#1104353).

  - net: hns3: fix for getting wrong link mode problem
    (bsc#1104353 ).

  - net: hns3: Fix for hclge_reset running repeatly problem
    (bsc#1104353).

  - net: hns3: Fix for hns3 module is loaded multiple times
    problem (bsc#1104353).

  - net: hns3: fix for ipv6 address loss problem after
    setting channels (bsc#1104353).

  - net: hns3: fix for loopback failure when vlan filter is
    enable (bsc#1104353).

  - net: hns3: fix for netdev not running problem after
    calling net_stop and net_open (bsc#1104353).

  - net: hns3: Fix for netdev not running problem after
    calling net_stop and net_open (bsc#1104353).

  - net: hns3: fix for not initializing VF rss_hash_key
    problem (bsc#1104353).

  - net: hns3: fix for not returning problem in
    get_link_ksettings when phy exists (bsc#1104353).

  - net: hns3: fix for not setting pause parameters
    (bsc#1104353 ).

  - net: hns3: Fix for not setting rx private buffer size to
    zero (bsc#1104353).

  - net: hns3: Fix for packet loss due wrong filter config
    in VLAN tbls (bsc#1104353).

  - net: hns3: fix for pause configuration lost during reset
    (bsc#1104353).

  - net: hns3: Fix for PF mailbox receving unknown message
    (bsc#1104353).

  - net: hns3: fix for phy_addr error in
    hclge_mac_mdio_config (bsc#1104353).

  - net: hns3: Fix for phy not link up problem after
    resetting (bsc#1104353).

  - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353
    ).

  - net: hns3: fix for returning wrong value problem in
    hns3_get_rss_indir_size (bsc#1104353).

  - net: hns3: fix for returning wrong value problem in
    hns3_get_rss_key_size (bsc#1104353).

  - net: hns3: fix for RSS configuration loss problem during
    reset (bsc#1104353).

  - net: hns3: Fix for rx priv buf allocation when DCB is
    not supported (bsc#1104353).

  - net: hns3: Fix for rx_priv_buf_alloc not setting rx
    shared buffer (bsc#1104353).

  - net: hns3: Fix for service_task not running problem
    after resetting (bsc#1104353).

  - net: hns3: Fix for setting mac address when resetting
    (bsc#1104353).

  - net: hns3: fix for setting MTU (bsc#1104353).

  - net: hns3: Fix for setting rss_size incorrectly
    (bsc#1104353 ).

  - net: hns3: Fix for the NULL pointer problem occurring
    when initializing ae_dev failed (bsc#1104353).

  - net: hns3: fix for the wrong shift problem in
    hns3_set_txbd_baseinfo (bsc#1104353).

  - net: hns3: fix for updating fc_mode_last_time
    (bsc#1104353 ).

  - net: hns3: fix for use-after-free when setting ring
    parameter (bsc#1104353).

  - net: hns3: Fix for VF mailbox cannot receiving PF
    response (bsc#1104353).

  - net: hns3: Fix for VF mailbox receiving unknown message
    (bsc#1104353).

  - net: hns3: fix for vlan table lost problem when
    resetting (bsc#1104353).

  - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ).

  - net: hns3: Fix initialization when cmd is not supported
    (bsc#1104353).

  - net: hns3: fix length overflow when
    CONFIG_ARM64_64K_PAGES (bsc#1104353).

  - net: hns3: fix NULL pointer dereference before null
    check (bsc#1104353).

  - net: hns3: fix return value error of
    hclge_get_mac_vlan_cmd_status() (bsc#1104353).

  - net: hns3: fix rx path skb->truesize reporting bug
    (bsc#1104353 ).

  - net: hns3: Fix setting mac address error (bsc#1104353 ).

  - net: hns3: Fix spelling errors (bsc#1104353).

  - net: hns3: fix spelling mistake: 'capabilty' ->
    'capability' (bsc#1104353).

  - net: hns3: fix the bug of hns3_set_txbd_baseinfo
    (bsc#1104353 ).

  - net: hns3: fix the bug when map buffer fail (bsc#1104353
    ).

  - net: hns3: fix the bug when reuse command description in
    hclge_add_mac_vlan_tbl (bsc#1104353).

  - net: hns3: Fix the missing client list node
    initialization (bsc#1104353).

  - net: hns3: fix the ops check in hns3_get_rxnfc
    (bsc#1104353 ).

  - net: hns3: fix the queue id for tqp enable&&reset
    (bsc#1104353 ).

  - net: hns3: fix the ring count for ETHTOOL_GRXRINGS
    (bsc#1104353 ).

  - net: hns3: fix the TX/RX ring.queue_index in
    hns3_ring_get_cfg (bsc#1104353).

  - net: hns3: fix the VF queue reset flow error
    (bsc#1104353 ).

  - net: hns3: fix to correctly fetch l4 protocol outer
    header (bsc#1104353).

  - net: hns3: Fix to support autoneg only for port attached
    with phy (bsc#1104353).

  - net: hns3: Fix typo error for feild in hclge_tm
    (bsc#1104353 ).

  - net: hns3: free the ring_data structrue when change tqps
    (bsc#1104353).

  - net: hns3: get rss_size_max from configuration but not
    hardcode (bsc#1104353).

  - net: hns3: get vf count by pci_sriov_get_totalvfs
    (bsc#1104353 ).

  - net: hns3: hclge_inform_reset_assert_to_vf() can be
    static (bsc#1104353).

  - net: hns3: hns3:fix a bug about statistic counter in
    reset process (bsc#1104353).

  - net: hns3: hns3_get_channels() can be static
    (bsc#1104353 ).

  - net: hns3: Increase the default depth of bucket for TM
    shaper (bsc#1104353).

  - net: hns3: increase the max time for IMP handle command
    (bsc#1104353).

  - net: hns3: make local functions static (bsc#1104353 ).

  - net: hns3: Mask the packet statistics query when NIC is
    down (bsc#1104353).

  - net: hns3: Modify the update period of packet statistics
    (bsc#1104353).

  - net: hns3: never send command queue message to IMP when
    reset (bsc#1104353).

  - net: hns3: Optimize PF CMDQ interrupt switching process
    (bsc#1104353).

  - net: hns3: Optimize the PF's process of updating
    multicast MAC (bsc#1104353).

  - net: hns3: Optimize the VF's process of updating
    multicast MAC (bsc#1104353).

  - net: hns3: reallocate tx/rx buffer after changing mtu
    (bsc#1104353).

  - net: hns3: refactor GL update function (bsc#1104353 ).

  - net: hns3: refactor interrupt coalescing init function
    (bsc#1104353).

  - net: hns3: Refactor mac_init function (bsc#1104353).

  - net: hns3: Refactor of the reset interrupt handling
    logic (bsc#1104353).

  - net: hns3: Refactors the requested reset & pending reset
    handling code (bsc#1104353).

  - net: hns3: refactor the coalesce related struct
    (bsc#1104353 ).

  - net: hns3: refactor the get/put_vector function
    (bsc#1104353 ).

  - net: hns3: refactor the hclge_get/set_rss function
    (bsc#1104353 ).

  - net: hns3: refactor the hclge_get/set_rss_tuple function
    (bsc#1104353).

  - net: hns3: Refactor the initialization of command queue
    (bsc#1104353).

  - net: hns3: refactor the loopback related function
    (bsc#1104353 ).

  - net: hns3: Refactor the mapping of tqp to vport
    (bsc#1104353 ).

  - net: hns3: Refactor the skb receiving and transmitting
    function (bsc#1104353).

  - net: hns3: remove a couple of redundant assignments
    (bsc#1104353 ).

  - net: hns3: remove add/del_tunnel_udp in hns3_enet module
    (bsc#1104353).

  - net: hns3: Remove a useless member of struct hns3_stats
    (bsc#1104353).

  - net: hns3: Remove error log when getting pfc stats fails
    (bsc#1104353).

  - net: hns3: Remove packet statistics in the range of
    8192~12287 (bsc#1104353).

  - net: hns3: remove redundant memset when alloc buffer
    (bsc#1104353).

  - net: hns3: remove redundant semicolon (bsc#1104353).

  - net: hns3: Remove repeat statistic of rx_errors
    (bsc#1104353 ).

  - net: hns3: Removes unnecessary check when clearing TX/RX
    rings (bsc#1104353).

  - net: hns3: remove TSO config command from VF driver
    (bsc#1104353 ).

  - net: hns3: remove unnecessary pci_set_drvdata() and
    devm_kfree() (bsc#1104353).

  - net: hns3: remove unused GL setup function (bsc#1104353
    ).

  - net: hns3: remove unused hclgevf_cfg_func_mta_filter
    (bsc#1104353).

  - net: hns3: Remove unused led control code (bsc#1104353
    ).

  - net: hns3: report the function type the same line with
    hns3_nic_get_stats64 (bsc#1104353).

  - net: hns3: set the cmdq out_vld bit to 0 after used
    (bsc#1104353 ).

  - net: hns3: set the max ring num when alloc netdev
    (bsc#1104353 ).

  - net: hns3: Setting for fc_mode and dcb enable flag in TM
    module (bsc#1104353).

  - net: hns3: Support for dynamically assigning tx buffer
    to TC (bsc#1104353).

  - net: hns3: Unified HNS3 (VF|PF) Ethernet Driver for
    hip08 SoC (bsc#1104353).

  - net: hns3: unify the pause params setup function
    (bsc#1104353 ).

  - net: hns3: Unify the strings display of packet
    statistics (bsc#1104353).

  - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated)
    to new APIs (bsc#1104353).

  - net: hns3: Updates RX packet info fetch in case of multi
    BD (bsc#1104353).

  - net: hns3: Use enums instead of magic number in
    hclge_is_special_opcode (bsc#1104353).

  - net: hns3: VF should get the real rss_size instead of
    rss_size_max (bsc#1104353).

  - net: lan78xx: Fix race in tx pending skb size
    calculation (bsc#1100132).

  - net: lan78xx: fix rx handling before first packet is
    send (bsc#1100132).

  - net: qmi_wwan: add BroadMobi BM806U 2020:2033
    (bsc#1087092).

  - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888).

  - net-usb: add qmi_wwan if on lte modem wistron neweb
    d18q1 (bsc#1087092).

  - net: usb: asix: replace mii_nway_restart in resume path
    (bsc#1100132).

  - orangefs: report attributes_mask and attributes for
    statx (bsc#1101832).

  - orangefs: set i_size on new symlink (bsc#1101845).

  - overflow.h: Add allocation size calculation helpers
    (bsc#1101116,).

  - powerpc/64: Add GENERIC_CPU support for little endian
    ().

  - powerpc/fadump: handle crash memory ranges array index
    overflow (bsc#1103269).

  - powerpc/fadump: merge adjacent memory ranges to reduce
    PT_LOAD segements (bsc#1103269).

  - powerpc/pkeys: Deny read/write/execute by default
    (bsc#1097577).

  - powerpc/pkeys: Fix calculation of total pkeys
    (bsc#1097577).

  - powerpc/pkeys: Give all threads control of their key
    permissions (bsc#1097577).

  - powerpc/pkeys: key allocation/deallocation must not
    change pkey registers (bsc#1097577).

  - powerpc/pkeys: make protection key 0 less special
    (bsc#1097577).

  - powerpc/pkeys: Preallocate execute-only key
    (bsc#1097577).

  - powerpc/pkeys: Save the pkey registers before fork
    (bsc#1097577).

  - qed*: Add link change count value to ethtool statistics
    display (bsc#1086314).

  - qed: Add qed APIs for PHY module query (bsc#1086314 ).

  - qed: Add srq core support for RoCE and iWARP
    (bsc#1086314 ).

  - qede: Add driver callbacks for eeprom module query
    (bsc#1086314 ).

  - qedf: Add get_generic_tlv_data handler (bsc#1086317).

  - qedf: Add support for populating ethernet TLVs
    (bsc#1086317).

  - qed: fix spelling mistake 'successffuly' ->
    'successfully' (bsc#1086314).

  - qedi: Add get_generic_tlv_data handler (bsc#1086315).

  - qedi: Add support for populating ethernet TLVs
    (bsc#1086315).

  - qed: Make some functions static (bsc#1086314).

  - qed: remove redundant functions qed_get_cm_pq_idx_rl
    (bsc#1086314).

  - qed: remove redundant functions
    qed_set_gft_event_id_cm_hdr (bsc#1086314).

  - qed: remove redundant pointer 'name' (bsc#1086314).

  - qed: use dma_zalloc_coherent instead of allocator/memset
    (bsc#1086314).

  - qed*: Utilize FW 8.37.2.0 (bsc#1086314).

  - rdma/hns: Add 64KB page size support for hip08
    (bsc#1104427 ).

  - rdma/hns: Add command queue support for hip08 RoCE
    driver (bsc#1104427).

  - rdma/hns: Add CQ operations support for hip08 RoCE
    driver (bsc#1104427).

  - rdma/hns: Add detailed comments for mb() call
    (bsc#1104427 ).

  - rdma/hns: Add eq support of hip08 (bsc#1104427).

  - rdma/hns: Add gsi qp support for modifying qp in hip08
    (bsc#1104427).

  - rdma/hns: Add mailbox's implementation for hip08 RoCE
    driver (bsc#1104427).

  - rdma/hns: Add modify CQ support for hip08 (bsc#1104427
    ).

  - rdma/hns: Add names to function arguments in function
    pointers (bsc#1104427).

  - rdma/hns: Add profile support for hip08 driver
    (bsc#1104427 ).

  - rdma/hns: Add QP operations support for hip08 SoC
    (bsc#1104427 ).

  - rdma/hns: Add releasing resource operation in error
    branch (bsc#1104427).

  - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ).

  - rdma/hns: Add reset process for RoCE in hip08
    (bsc#1104427 ).

  - rdma/hns: Add return operation when configured global
    param fail (bsc#1104427).

  - rdma/hns: Add rq inline data support for hip08 RoCE
    (bsc#1104427 ).

  - rdma/hns: Add rq inline flags judgement (bsc#1104427 ).

  - rdma/hns: Add sq_invld_flg field in QP context
    (bsc#1104427 ).

  - rdma/hns: Add support for processing send wr and receive
    wr (bsc#1104427).

  - rdma/hns: Add the interfaces to support multi hop
    addressing for the contexts in hip08 (bsc#1104427).

  - rdma/hns: Adjust the order of cleanup hem table
    (bsc#1104427 ).

  - rdma/hns: Assign dest_qp when deregistering mr
    (bsc#1104427 ).

  - rdma/hns: Assign the correct value for tx_cqn
    (bsc#1104427 ).

  - rdma/hns: Assign zero for pkey_index of wc in hip08
    (bsc#1104427 ).

  - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ).

  - rdma/hns: Bugfix for cq record db for kernel
    (bsc#1104427 ).

  - rdma/hns: Bugfix for init hem table (bsc#1104427).

  - rdma/hns: Bugfix for rq record db for kernel
    (bsc#1104427 ).

  - rdma/hns: Check return value of kzalloc (bsc#1104427 ).

  - rdma/hns: Configure BT BA and BT attribute for the
    contexts in hip08 (bsc#1104427).

  - rdma/hns: Configure fence attribute in hip08 RoCE
    (bsc#1104427 ).

  - rdma/hns: Configure mac&gid and user access region for
    hip08 RoCE driver (bsc#1104427).

  - rdma/hns: Configure sgid type for hip08 RoCE
    (bsc#1104427 ).

  - rdma/hns: Configure the MTPT in hip08 (bsc#1104427).

  - rdma/hns: Configure TRRL field in hip08 RoCE device
    (bsc#1104427 ).

  - rdma/hns: Create gsi qp in hip08 (bsc#1104427).

  - rdma/hns: Delete the unnecessary initializing enum to
    zero (bsc#1104427).

  - rdma/hns: Do not unregister a callback we didn't
    register (bsc#1104427).

  - rdma/hns: Drop local zgid in favor of core defined
    variable (bsc#1104427).

  - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427
    ).

  - rdma/hns: Enable the cqe field of sqwqe of RC
    (bsc#1104427 ).

  - rdma/hns: ensure for-loop actually iterates and free's
    buffers (bsc#1104427).

  - rdma/hns: Fill sq wqe context of ud type in hip08
    (bsc#1104427 ).

  - rdma/hns: Filter for zero length of sge in hip08 kernel
    mode (bsc#1104427).

  - rdma/hns: Fix a bug with modifying mac address
    (bsc#1104427 ).

  - rdma/hns: Fix a couple misspellings (bsc#1104427).

  - rdma/hns: Fix calltrace for sleeping in atomic
    (bsc#1104427 ).

  - rdma/hns: Fix cqn type and init resp (bsc#1104427).

  - rdma/hns: Fix cq record doorbell enable in kernel
    (bsc#1104427 ).

  - rdma/hns: Fix endian problems around imm_data and rkey
    (bsc#1104427).

  - rdma/hns: Fix inconsistent warning (bsc#1104427).

  - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427
    ).

  - rdma/hns: Fix misplaced call to
    hns_roce_cleanup_hem_table (bsc#1104427).

  - rdma/hns: Fix QP state judgement before receiving work
    requests (bsc#1104427).

  - rdma/hns: Fix QP state judgement before sending work
    requests (bsc#1104427).

  - rdma/hns: fix spelling mistake: 'Reseved' -> 'Reserved'
    (bsc#1104427).

  - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ).

  - rdma/hns: Fix the bug with rq sge (bsc#1104427).

  - rdma/hns: Fix the endian problem for hns (bsc#1104427 ).

  - rdma/hns: Fix the illegal memory operation when cross
    page (bsc#1104427).

  - rdma/hns: Fix the issue of IOVA not page continuous in
    hip08 (bsc#1104427).

  - rdma/hns: Fix the qp context state diagram (bsc#1104427
    ).

  - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427).

  - rdma/hns: Get rid of page operation after
    dma_alloc_coherent (bsc#1104427).

  - rdma/hns: Get rid of virt_to_page and vmap calls after
    dma_alloc_coherent (bsc#1104427).

  - rdma/hns: Implement the disassociate_ucontext API
    (bsc#1104427 ).

  - rdma/hns: Increase checking CMQ status timeout value
    (bsc#1104427).

  - rdma/hns: Initialize the PCI device for hip08 RoCE
    (bsc#1104427 ).

  - rdma/hns: Intercept illegal RDMA operation when use
    inline data (bsc#1104427).

  - rdma/hns: Load the RoCE dirver automatically
    (bsc#1104427 ).

  - rdma/hns: make various function static, fixes warnings
    (bsc#1104427).

  - rdma/hns: Modify assignment device variable to support
    both PCI device and platform device (bsc#1104427).

  - rdma/hns: Modify the usage of cmd_sn in hip08
    (bsc#1104427 ).

  - rdma/hns: Modify the value with rd&dest_rd of qp_attr
    (bsc#1104427).

  - rdma/hns: Modify uar allocation algorithm to avoid
    bitmap exhaust (bsc#1104427).

  - rdma/hns: Move priv in order to add multiple hns_roce
    support (bsc#1104427).

  - rdma/hns: Move the location for initializing tmp_len
    (bsc#1104427).

  - rdma/hns: Not support qp transition from reset to reset
    for hip06 (bsc#1104427).

  - rdma/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is
    set (bsc#1104427).

  - rdma/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is
    set (bsc#1104427).

  - rdma/hns: Only assign mtu if IB_QP_PATH_MTU bit is set
    (bsc#1104427).

  - rdma/hns: Refactor code for readability (bsc#1104427 ).

  - rdma/hns: Refactor eq code for hip06 (bsc#1104427).

  - rdma/hns: remove redundant assignment to variable j
    (bsc#1104427 ).

  - rdma/hns: Remove some unnecessary attr_mask judgement
    (bsc#1104427).

  - rdma/hns: Remove unnecessary operator (bsc#1104427).

  - rdma/hns: Remove unnecessary platform_get_resource()
    error check (bsc#1104427).

  - rdma/hns: Rename the idx field of db (bsc#1104427).

  - rdma/hns: Replace condition statement using hardware
    version information (bsc#1104427).

  - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE
    write*() (bsc#1104427).

  - rdma/hns: return 0 rather than return a garbage status
    value (bsc#1104427).

  - rdma/hns_roce: Do not check return value of
    zap_vma_ptes() (bsc#1104427).

  - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ).

  - rdma/hns: Set desc_dma_addr for zero when free cmq desc
    (bsc#1104427).

  - rdma/hns: Set NULL for __internal_mr (bsc#1104427).

  - rdma/hns: Set rdma_ah_attr type for querying qp
    (bsc#1104427 ).

  - rdma/hns: Set se attribute of sqwqe in hip08
    (bsc#1104427 ).

  - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08
    (bsc#1104427).

  - rdma/hns: Set the guid for hip08 RoCE device
    (bsc#1104427 ).

  - rdma/hns: Set the owner field of SQWQE in hip08 RoCE
    (bsc#1104427).

  - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427).

  - rdma/hns: Split hw v1 driver from hns roce driver
    (bsc#1104427 ).

  - rdma/hns: Submit bad wr (bsc#1104427).

  - rdma/hns: Support cq record doorbell for kernel space
    (bsc#1104427).

  - rdma/hns: Support cq record doorbell for the user space
    (bsc#1104427).

  - rdma/hns: Support multi hop addressing for PBL in hip08
    (bsc#1104427).

  - rdma/hns: Support rq record doorbell for kernel space
    (bsc#1104427).

  - rdma/hns: Support rq record doorbell for the user space
    (bsc#1104427).

  - rdma/hns: Support WQE/CQE/PBL page size configurable
    feature in hip08 (bsc#1104427).

  - rdma/hns: Unify the calculation for hem index in hip08
    (bsc#1104427).

  - rdma/hns: Update assignment method for owner field of
    send wqe (bsc#1104427).

  - rdma/hns: Update calculation of irrl_ba field for hip08
    (bsc#1104427).

  - rdma/hns: Update convert function of endian format
    (bsc#1104427 ).

  - rdma/hns: Update the interfaces for MTT/CQE multi hop
    addressing in hip08 (bsc#1104427).

  - rdma/hns: Update the IRRL table chunk size in hip08
    (bsc#1104427 ).

  - rdma/hns: Update the PD&CQE&MTT specification in hip08
    (bsc#1104427).

  - rdma/hns: Update the usage of ack timeout in hip08
    (bsc#1104427 ).

  - rdma/hns: Update the usage of sr_max and rr_max field
    (bsc#1104427).

  - rdma/hns: Update the verbs of polling for completion
    (bsc#1104427).

  - rdma/hns: Use free_pages function instead of free_page
    (bsc#1104427).

  - rdma/hns: Use structs to describe the uABI instead of
    opencoding (bsc#1104427).

  - rdma/qedr: Fix NULL pointer dereference when running
    over iWARP without RDMA-CM (bsc#1086314).

  - rdma/qedr: fix spelling mistake: 'adrresses' ->
    'addresses' (bsc#1086314).

  - rdma/qedr: fix spelling mistake: 'failes' -> 'fails'
    (bsc#1086314).

  - reiserfs: fix buffer overflow with long warning messages
    (bsc#1101847).

  -
    reiserfs-fix-buffer-overflow-with-long-warning-messa.pat
    ch: Silence bogus compiler warning about unused result
    of strscpy().

  - s390/dasd: configurable IFCC handling (bsc#1097808).

  - sched/smt: Update sched_smt_present at runtime
    (bsc#1089343).

  - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,).

  - scsi: mpt3sas: Added support for SAS Device Discovery
    Error Event (bsc#1086906,).

  - scsi: mpt3sas: Add PCI device ID for Andromeda
    (bsc#1086906,).

  - scsi: mpt3sas: Allow processing of events during driver
    unload (bsc#1086906,).

  - scsi: mpt3sas: As per MPI-spec, use combined reply queue
    for SAS3.5 controllers when HBA supports more than 16
    MSI-x vectors (bsc#1086906,).

  - scsi: mpt3sas: Bug fix for big endian systems
    (bsc#1086906,).

  - scsi: mpt3sas: Cache enclosure pages during enclosure
    add (bsc#1086906,).

  - scsi: mpt3sas: clarify mmio pointer types
    (bsc#1086906,).

  - scsi: mpt3sas: Configure reply post queue depth, DMA and
    sgl tablesize (bsc#1086906,).

  - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives
    while processing Async Broadcast primitive event
    (bsc#1086906,).

  - scsi: mpt3sas: Do not access the structure after
    decrementing it's instance reference count
    (bsc#1086906,).

  - scsi: mpt3sas: Do not mark fw_event workqueue as
    WQ_MEM_RECLAIM (bsc#1086906,).

  - scsi: mpt3sas: Enhanced handling of Sense Buffer
    (bsc#1086906,).

  - scsi: mpt3sas: Fix, False timeout prints for ioctl and
    other internal commands during controller reset
    (bsc#1086906,).

  - scsi: mpt3sas: fix possible memory leak (bsc#1086906,).

  - scsi: mpt3sas: fix spelling mistake: 'disbale' ->
    'disable' (bsc#1086906,).

  - scsi: mpt3sas: For NVME device, issue a protocol level
    reset (bsc#1086906,).

  - scsi: mpt3sas: Incorrect command status was set/marked
    as not used (bsc#1086906,).

  - scsi: mpt3sas: Increase event log buffer to support 24
    port HBA's (bsc#1086906,).

  - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer
    address (bsc#1086906,).

  - scsi: mpt3sas: Introduce Base function for cloning
    (bsc#1086906,).

  - scsi: mpt3sas: Introduce function to clone mpi reply
    (bsc#1086906,).

  - scsi: mpt3sas: Introduce function to clone mpi request
    (bsc#1086906,).

  - scsi: mpt3sas: Lockless access for chain buffers
    (bsc#1086906,).

  - scsi: mpt3sas: Optimize I/O memory consumption in driver
    (bsc#1086906,).

  - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot
    time (bsc#1086906,).

  - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). -
    Refresh
    patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-
    I-Os-to-NVMe.patch.

  - scsi: mpt3sas: Report Firmware Package Version from HBA
    Driver (bsc#1086906,).

  - scsi: mpt3sas: Update driver version '25.100.00.00'
    (bsc#1086906,).

  - scsi: mpt3sas: Update driver version '26.100.00.00'
    (bsc#1086906,).

  - scsi: mpt3sas: Update MPI Headers (bsc#1086906,).

  - scsi: qedf: Add additional checks when restarting an
    rport due to ABTS timeout (bsc#1086317).

  - scsi: qedf: Add check for offload before flushing I/Os
    for target (bsc#1086317).

  - scsi: qedf: Add dcbx_not_wait module parameter so we
    won't wait for DCBX convergence to start discovery
    (bsc#1086317).

  - scsi: qedf: Add missing skb frees in error path
    (bsc#1086317).

  - scsi: qedf: Add more defensive checks for concurrent
    error conditions (bsc#1086317).

  - scsi: qedf: Add task id to kref_get_unless_zero() debug
    messages when flushing requests (bsc#1086317).

  - scsi: qedf: Check if link is already up when receiving a
    link up event from qed (bsc#1086317).

  - scsi: qedf: fix LTO-enabled build (bsc#1086317).

  - scsi: qedf: Fix VLAN display when printing sent FIP
    frames (bsc#1086317).

  - scsi: qedf: Honor default_prio module parameter even if
    DCBX does not converge (bsc#1086317).

  - scsi: qedf: Honor priority from DCBX FCoE App tag
    (bsc#1086317).

  - scsi: qedf: If qed fails to enable MSI-X fail PCI probe
    (bsc#1086317).

  - scsi: qedf: Improve firmware debug dump handling
    (bsc#1086317).

  - scsi: qedf: Increase the number of default FIP VLAN
    request retries to 60 (bsc#1086317).

  - scsi: qedf: Release RRQ reference correctly when RRQ
    command times out (bsc#1086317).

  - scsi: qedf: remove redundant initialization of 'fcport'
    (bsc#1086317).

  - scsi: qedf: Remove setting DCBX pending during soft
    context reset (bsc#1086317).

  - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is
    not enabled (bsc#1086317).

  - scsi: qedf: Sanity check FCoE/FIP priority value to make
    sure it's between 0 and 7 (bsc#1086317).

  - scsi: qedf: Send the driver state to MFW (bsc#1086317).

  - scsi: qedf: Set the UNLOADING flag when removing a vport
    (bsc#1086317).

  - scsi: qedf: Synchronize rport restarts when multiple ELS
    commands time out (bsc#1086317).

  - scsi: qedf: Update copyright for 2018 (bsc#1086317).

  - scsi: qedf: Update version number to 8.33.16.20
    (bsc#1086317).

  - scsi: qedf: use correct strncpy() size (bsc#1086317).

  - scsi: qedi: fix building with LTO (bsc#1086315).

  - scsi: qedi: fix build regression (bsc#1086315).

  - scsi: qedi: Fix kernel crash during port toggle
    (bsc#1086315).

  - scsi: qedi: Send driver state to MFW (bsc#1086315).

  - scsi: qla2xxx: correctly shift host byte (bsc#1086327,).

  - scsi: qla2xxx: Correct setting of
    SAM_STAT_CHECK_CONDITION (bsc#1086327,).

  - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command
    (bsc#1086327,).

  - scsi: qla2xxx: Fix Inquiry command being dropped in
    Target mode (bsc#1086327,).

  - scsi: qla2xxx: Fix race condition between iocb timeout
    and initialisation (bsc#1086327,).

  - scsi: qla2xxx: Fix Rport and session state getting out
    of sync (bsc#1086327,).

  - scsi: qla2xxx: Fix sending ADISC command for login
    (bsc#1086327,).

  - scsi: qla2xxx: Fix setting lower transfer speed if GPSC
    fails (bsc#1086327,).

  - scsi: qla2xxx: Fix TMF and Multi-Queue config
    (bsc#1086327,).

  - scsi: qla2xxx: Move GPSC and GFPNID out of session
    management (bsc#1086327,).

  - scsi: qla2xxx: Prevent relogin loop by removing stale
    code (bsc#1086327,).

  - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs
    (bsc#1086327,).

  - scsi: qla2xxx: remove irq save in qla2x00_poll()
    (bsc#1086327,).

  - scsi: qla2xxx: Remove stale debug value for login_retry
    flag (bsc#1086327,).

  - scsi: qla2xxx: Update driver version to 10.00.00.07-k
    (bsc#1086327,).

  - scsi: qla2xxx: Use predefined get_datalen_for_atio()
    inline function (bsc#1086327,).

  - scsi: qla4xxx: Move an array from a .h into a .c file
    (bsc#1086331).

  - scsi: qla4xxx: Remove unused symbols (bsc#1086331).

  - scsi: qla4xxx: skip error recovery in case of register
    disconnect (bsc#1086331).

  - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331).

  - scsi: qla4xxx: Use zeroing allocator rather than
    allocator/memset (bsc#1086331).

  - selftests/powerpc: Fix core-pkey for default execute
    permission change (bsc#1097577).

  - selftests/powerpc: Fix ptrace-pkey for default execute
    permission change (bsc#1097577).

  - supported.conf: add drivers/md/dm-writecache

  - supported.conf: added hns3 modules

  - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2

  - supported.conf: Enable HiSi v3 SAS adapter ()

  - tcp_rbd depends on BLK_DEV_RBD ().

  - typec: tcpm: fusb302: Resolve out of order messaging
    events (bsc#1087092).

  - udf: Detect incorrect directory size (bsc#1101891).

  - udf: Provide saner default for invalid uid / gid
    (bsc#1101890).

  - vfs: add the sb_start_intwrite_trylock() helper
    (bsc#1101841).

  - x86/apic: Ignore secondary threads if nosmt=force
    (bsc#1089343).

  - x86/CPU/AMD: Do not check CPUID max ext level before
    parsing SMP info (bsc#1089343).

  - x86/cpu/AMD: Evaluate smp_num_siblings early
    (bsc#1089343).

  - x86/CPU/AMD: Move TOPOEXT reenablement before reading
    smp_num_siblings (bsc#1089343).

  - x86/cpu/AMD: Remove the pointless detect_ht() call
    (bsc#1089343).

  - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).

  - x86/cpu/intel: Evaluate smp_num_siblings early
    (bsc#1089343).

  - x86/cpu: Remove the pointless CPU printout
    (bsc#1089343).

  - x86/cpu/topology: Provide
    detect_extended_topology_early() (bsc#1089343).

  - x86/KVM/VMX: Add module argument for L1TF mitigation.

  - x86/smp: Provide topology_is_primary_thread()
    (bsc#1089343).

  - x86/topology: Provide topology_smt_supported()
    (bsc#1089343).

  - x86/xen: init %gs very early to avoid page faults with
    stack protector (bnc#1104777).

  - xen-netback: fix input validation in
    xenvif_set_hash_mapping() (bnc#1103277).

  - xen/netfront: do not cache skb_shinfo() (bnc#1065600).

  - xfs: catch inode allocation state mismatch corruption
    (bsc#1104211).

  - xfs: prevent creating negative-sized file via
    INSERT_RANGE (bsc#1101833)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086317"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086327"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087081"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101116"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101832"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101853"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101867"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101872"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101875"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101883"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101887"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101890"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101895"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102340"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103277"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103886"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104494"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104777"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10877");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.16.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-885.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(111997);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-18344", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14734", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5390", "CVE-2018-5391");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)");
  script_summary(english:"Check for the openSUSE-2018-885 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive
various security and bugfixes.

The following security bugs were fixed :

  - CVE-2017-18344: The timer_create syscall implementation
    in kernel/time/posix-timers.c didn't properly validate
    the sigevent->sigev_notify field, which leads to
    out-of-bounds access in the show_timer function (called
    when /proc/$PID/timers is read). This allowed userspace
    applications to read arbitrary kernel memory (on a
    kernel built with CONFIG_POSIX_TIMERS and
    CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580).

  - CVE-2018-10876: A flaw was found in Linux kernel in the
    ext4 filesystem code. A use-after-free is possible in
    ext4_ext_remove_space() function when mounting and
    operating a crafted ext4 image. (bnc#1099811)

  - CVE-2018-10877: Linux kernel ext4 filesystem is
    vulnerable to an out-of-bound access in the
    ext4_ext_drop_refs() function when operating on a
    crafted ext4 filesystem image. (bnc#1099846)

  - CVE-2018-10878: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bounds write and a
    denial of service or unspecified other impact is
    possible by mounting and operating a crafted ext4
    filesystem image. (bnc#1099813)

  - CVE-2018-10879: A flaw was found in the ext4 filesystem.
    A local user can cause a use-after-free in
    ext4_xattr_set_entry function and a denial of service or
    unspecified other impact may occur by renaming a file in
    a crafted ext4 filesystem image. (bnc#1099844)

  - CVE-2018-10880: Linux kernel is vulnerable to a
    stack-out-of-bounds write in the ext4 filesystem code
    when mounting and writing to a crafted ext4 image in
    ext4_update_inline_data(). An attacker could use this to
    cause a system crash and a denial of service.
    (bnc#1099845)

  - CVE-2018-10881: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bound access in
    ext4_get_group_info function, a denial of service, and a
    system crash by mounting and operating on a crafted ext4
    filesystem image. (bnc#1099864)

  - CVE-2018-10882: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bound write in in
    fs/jbd2/transaction.c code, a denial of service, and a
    system crash by unmounting a crafted ext4 filesystem
    image. (bnc#1099849)

  - CVE-2018-10883: A flaw was found in the ext4 filesystem.
    A local user can cause an out-of-bounds write in
    jbd2_journal_dirty_metadata(), a denial of service, and
    a system crash by mounting and operating on a crafted
    ext4 filesystem image. (bnc#1099863)

  - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed
    ucma_leave_multicast to access a certain data structure
    after a cleanup step in ucma_process_join, which allowed
    attackers to cause a denial of service (use-after-free)
    (bnc#1103119).

  - CVE-2018-3620: Systems with microprocessors utilizing
    speculative execution and address translations may allow
    unauthorized disclosure of information residing in the
    L1 data cache to an attacker with local user access via
    a terminal page fault and a side-channel analysis
    (bnc#1087081 1089343 ).

  - CVE-2018-3646: Systems with microprocessors utilizing
    speculative execution and address translations may allow
    unauthorized disclosure of information residing in the
    L1 data cache to an attacker with local user access with
    guest OS privilege via a terminal page fault and a
    side-channel analysis (bnc#1089343 1104365).

  - CVE-2018-5390 aka 'SegmentSmack': The Linux kernel could
    be forced to make very expensive calls to
    tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
    every incoming packet which can lead to a denial of
    service (bnc#1102340).

  - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP
    packet reassembly could be used by remote attackers to
    consume lots of CPU time (bnc#1103097).

The following non-security bugs were fixed :

  - Add support for 5,25,50, and 100G to 802.3ad bonding
    driver (bsc#1096978)

  - ahci: Disable LPM on Lenovo 50 series laptops with a too
    old BIOS (bnc#1012382).

  - arm64: do not open code page table entry creation
    (bsc#1102197).

  - arm64: kpti: Use early_param for kpti= command-line
    option (bsc#1102188).

  - arm64: Make sure permission updates happen for pmd/pud
    (bsc#1102197).

  - atm: zatm: Fix potential Spectre v1 (bnc#1012382).

  - bcm63xx_enet: correct clock usage (bnc#1012382).

  - bcm63xx_enet: do not write to random DMA channel on
    BCM6345 (bnc#1012382).

  - blkcg: simplify statistic accumulation code
    (bsc#1082979).

  - block: copy ioprio in __bio_clone_fast() (bsc#1082653).

  - block/swim: Fix array bounds check (bsc#1082979).

  - bpf: fix loading of BPF_MAXINSNS sized programs
    (bsc#1012382).

  - bpf, x64: fix memleak when not converging after image
    (bsc#1012382).

  - btrfs: Do not remove block group still has pinned down
    bytes (bsc#1086457).

  - cachefiles: Fix missing clear of the
    CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858).

  - cachefiles: Fix refcounting bug in backing-file read
    monitoring (bsc#1099858).

  - cachefiles: Wait rather than BUG'ing on 'Unexpected
    object collision' (bsc#1099858).

  - cifs: fix bad/NULL ptr dereferencing in
    SMB2_sess_setup() (bsc#1090123).

  - compiler, clang: always inline when
    CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382).

  - compiler, clang: properly override 'inline' for clang
    (bnc#1012382).

  - compiler, clang: suppress warning for unused static
    inline functions (bnc#1012382).

  - compiler-gcc.h: Add __attribute__((gnu_inline)) to all
    inline declarations (bnc#1012382).

  - cpu/hotplug: Add sysfs state interface (bsc#1089343).

  - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).

  - cpu/hotplug: Split do_cpu_down() (bsc#1089343).

  - crypto: crypto4xx - fix crypto4xx_build_pdr,
    crypto4xx_build_sdr leak (bnc#1012382).

  - crypto: crypto4xx - remove bad list_del (bnc#1012382).

  - dm thin metadata: remove needless work from
    __commit_transaction (bsc#1082979).

  - drm/msm: Fix possible null dereference on failure of
    get_pages() (bsc#1102394).

  - drm: re-enable error handling (bsc#1103884).

  - esp6: fix memleak on error path in esp6_input
    (git-fixes).

  - ext4: check for allocation block validity with block
    group locked (bsc#1104495).

  - ext4: do not update s_last_mounted of a frozen fs
    (bsc#1101841).

  - ext4: factor out helper ext4_sample_last_mounted()
    (bsc#1101841).

  - ext4: fix check to prevent initializing reserved inodes
    (bsc#1104319).

  - ext4: fix false negatives *and* false positives in
    ext4_check_descriptors() (bsc#1103445).

  - ext4: fix inline data updates with checksums enabled
    (bsc#1104494).

  - fscache: Allow cancelled operations to be enqueued
    (bsc#1099858).

  - fscache: Fix reference overput in
    fscache_attach_object() error handling (bsc#1099858).

  - genirq: Make force irq threading setup more robust
    (bsc#1082979).

  - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI
    adapter (bnc#1012382).

  - ib/isert: fix T10-pi check mask setting (bsc#1082979).

  - ibmasm: do not write out of bounds in read handler
    (bnc#1012382).

  - ibmvnic: Fix error recovery on login failure
    (bsc#1101789).

  - ibmvnic: Remove code to request error information
    (bsc#1104174).

  - ibmvnic: Revise RX/TX queue error messages
    (bsc#1101331).

  - ibmvnic: Update firmware error reporting with cause
    string (bsc#1104174).

  - iw_cxgb4: correctly enforce the max reg_mr depth
    (bnc#1012382).

  - kabi protect includes in include/linux/inet.h
    (bsc#1095643).

  - kabi protect net/core/utils.c includes (bsc#1095643).

  - kABI: protect struct loop_device (kabi).

  - kABI: reintroduce __static_cpu_has_safe (kabi).

  - Kbuild: fix # escaping in .cmd files for future Make
    (bnc#1012382).

  - keys: DNS: fix parsing multiple options (bnc#1012382).

  - kvm: arm/arm64: Drop resource size check for GICV window
    (bsc#1102215).

  - kvm: arm/arm64: Set dist->spis to NULL after kfree
    (bsc#1102214).

  - libata: do not try to pass through NCQ commands to
    non-NCQ devices (bsc#1082979).

  - loop: add recursion validation to LOOP_CHANGE_FD
    (bnc#1012382).

  - loop: remember whether sysfs_create_group() was done
    (bnc#1012382).

  - mmc: dw_mmc: fix card threshold control configuration
    (bsc#1102203).

  - mm: check VMA flags to avoid invalid PROT_NONE NUMA
    balancing (bsc#1097771).

  - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382).

  - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    (bnc#1012382).

  - net: dccp: switch rx_tstamp_last_feedback to monotonic
    clock (bnc#1012382).

  - netfilter: ebtables: reject non-bridge targets
    (bnc#1012382).

  - netfilter: nf_queue: augment nfqa_cfg_policy
    (bnc#1012382).

  - netfilter: x_tables: initialise match/target check
    parameter struct (bnc#1012382).

  - net/mlx5: Fix command interface race in polling mode
    (bnc#1012382).

  - net/mlx5: Fix incorrect raw command length parsing
    (bnc#1012382).

  - net: mvneta: fix the Rx desc DMA address in the Rx path
    (bsc#1102207).

  - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned
    NULL (bnc#1012382).

  - net: off by one in inet6_pton() (bsc#1095643).

  - net: phy: marvell: Use strlcpy() for
    ethtool::get_strings (bsc#1102205).

  - net_sched: blackhole: tell upper qdisc about dropped
    packets (bnc#1012382).

  - net: sungem: fix rx checksum support (bnc#1012382).

  - net/utils: generic inet_pton_with_scope helper
    (bsc#1095643).

  - null_blk: use sector_div instead of do_div
    (bsc#1082979).

  - nvme-rdma: Check remotely invalidated rkey matches our
    expected rkey (bsc#1092001).

  - nvme-rdma: default MR page size to 4k (bsc#1092001).

  - nvme-rdma: do not complete requests before a send work
    request has completed (bsc#1092001).

  - nvme-rdma: do not suppress send completions
    (bsc#1092001).

  - nvme-rdma: Fix command completion race at error recovery
    (bsc#1090435).

  - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib
    symmetrical (bsc#1092001).

  - nvme-rdma: use inet_pton_with_scope helper
    (bsc#1095643).

  - nvme-rdma: Use mr pool (bsc#1092001).

  - nvme-rdma: wait for local invalidation before completing
    a request (bsc#1092001).

  - ocfs2: subsystem.su_mutex is required while accessing
    the item->ci_parent (bnc#1012382).

  - pci: ibmphp: Fix use-before-set in get_max_bus_speed()
    (bsc#1100132).

  - perf tools: Move syscall number fallbacks from
    perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382).

  - pm / hibernate: Fix oops at snapshot_write()
    (bnc#1012382).

  - powerpc/64: Initialise thread_info for emergency stacks
    (bsc#1094244, bsc#1100930, bsc#1102683).

  - powerpc/fadump: handle crash memory ranges array index
    overflow (bsc#1103269).

  - powerpc/fadump: merge adjacent memory ranges to reduce
    PT_LOAD segements (bsc#1103269).

  - qed: Limit msix vectors in kdump kernel to the minimum
    required count (bnc#1012382).

  - r8152: napi hangup fix after disconnect (bnc#1012382).

  - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd()
    (bsc#1082979).

  - rdma/ocrdma: Fix error codes in ocrdma_create_srq()
    (bsc#1082979).

  - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382).

  - rds: avoid unenecessary cong_update in loop transport
    (bnc#1012382).

  - Revert
    'block-cancel-workqueue-entries-on-blk_mq_freeze_queue'
    (bsc#1103717)

  - Revert 'sit: reload iphdr in ipip6_rcv' (bnc#1012382).

  - Revert 'x86/cpufeature: Move some of the scattered
    feature bits to x86_capability' (kabi).

  - Revert 'x86/cpu: Probe CPUID leaf 6 even when
    cpuid_level == 6' (kabi).

  - rtlwifi: rtl8821ae: fix firmware is not ready to run
    (bnc#1012382).

  - s390/qeth: fix error handling in adapter command
    callbacks (bnc#1103745, LTC#169699).

  - sched/smt: Update sched_smt_present at runtime
    (bsc#1089343).

  - scsi: qlogicpti: Fix an error handling path in
    'qpti_sbus_probe()' (bsc#1082979).

  - scsi: sg: fix minor memory leak in error path
    (bsc#1082979).

  - scsi: target: fix crash with iscsi target and dvd
    (bsc#1082979).

  - smsc75xx: Add workaround for gigabit link up hardware
    errata (bsc#1100132).

  - smsc95xx: Configure pause time to 0xffff when tx flow
    control enabled (bsc#1085536).

  - supported.conf: Do not build KMP for openSUSE kernels
    The merge of kselftest-kmp was overseen, and bad for
    openSUSE-42.3

  - tcp: fix Fast Open key endianness (bnc#1012382).

  - tcp: prevent bogus FRTO undos with non-SACK flows
    (bnc#1012382).

  - tools build: fix # escaping in .cmd files for future
    Make (bnc#1012382).

  - uprobes/x86: Remove incorrect WARN_ON() in
    uprobe_init_insn() (bnc#1012382).

  - usb: core: handle hub C_PORT_OVER_CURRENT condition
    (bsc#1100132).

  - usb: quirks: add delay quirks for Corsair Strafe
    (bnc#1012382).

  - usb: serial: ch341: fix type promotion bug in
    ch341_control_in() (bnc#1012382).

  - usb: serial: cp210x: add another USB ID for Qivicon
    ZigBee stick (bnc#1012382).

  - usb: serial: keyspan_pda: fix modem-status error
    handling (bnc#1012382).

  - usb: serial: mos7840: fix status-register error handling
    (bnc#1012382).

  - usb: yurex: fix out-of-bounds uaccess in read handler
    (bnc#1012382).

  - vfio: platform: Fix reset module leak in error path
    (bsc#1102211).

  - vfs: add the sb_start_intwrite_trylock() helper
    (bsc#1101841).

  - vhost_net: validate sock before trying to put its fd
    (bnc#1012382).

  - vmw_balloon: fix inflation with batching (bnc#1012382).

  - x86/alternatives: Add an auxilary section (bnc#1012382).

  - x86/alternatives: Discard dynamic check after init
    (bnc#1012382).

  - x86/apic: Ignore secondary threads if nosmt=force
    (bsc#1089343).

  - x86/asm: Add _ASM_ARG* constants for argument registers
    to <asm/asm.h> (bnc#1012382).

  - x86/boot: Simplify kernel load address alignment check
    (bnc#1012382).

  - x86/CPU/AMD: Do not check CPUID max ext level before
    parsing SMP info (bsc#1089343).

  - x86/cpu/AMD: Evaluate smp_num_siblings early
    (bsc#1089343).

  - x86/CPU/AMD: Move TOPOEXT reenablement before reading
    smp_num_siblings (bsc#1089343). Update config files.

  - x86/cpu/AMD: Remove the pointless detect_ht() call
    (bsc#1089343).

  - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).

  - x86/cpufeature: Add helper macro for mask check macros
    (bnc#1012382).

  - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382).

  - x86/cpufeature: Get rid of the non-asm goto variant
    (bnc#1012382).

  - x86/cpufeature: Make sure DISABLED/REQUIRED macros are
    updated (bnc#1012382).

  - x86/cpufeature: Move some of the scattered feature bits
    to x86_capability (bnc#1012382).

  - x86/cpufeature: Replace the old static_cpu_has() with
    safe variant (bnc#1012382).

  - x86/cpufeature: Speed up cpu_feature_enabled()
    (bnc#1012382).

  - x86/cpufeature: Update cpufeaure macros (bnc#1012382).

  - x86/cpu/intel: Evaluate smp_num_siblings early
    (bsc#1089343).

  - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    (bnc#1012382).

  - x86/cpu: Provide a config option to disable
    static_cpu_has (bnc#1012382).

  - x86/cpu: Remove the pointless CPU printout
    (bsc#1089343).

  - x86/cpu/topology: Provide
    detect_extended_topology_early() (bsc#1089343).

  - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382).

  - x86/fpu: Get rid of xstate_fault() (bnc#1012382).

  - x86/headers: Do not include asm/processor.h in
    asm/atomic.h (bnc#1012382).

  - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
    (bnc#1012382).

  - x86/mm: Simplify p[g4um]d_page() macros (1087081).

  - x86/smpboot: Do not use smp_num_siblings in
    __max_logical_packages calculation (bsc#1089343).

  - x86/smp: Provide topology_is_primary_thread()
    (bsc#1089343).

  - x86/topology: Add topology_max_smt_threads()
    (bsc#1089343).

  - x86/topology: Provide topology_smt_supported()
    (bsc#1089343).

  - x86/vdso: Use static_cpu_has() (bnc#1012382).

  - xen/grant-table: log the lack of grants (bnc#1085042).

  - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658).

  - xen-netfront: Update features after registering netdev
    (bnc#1101658).

  - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
    (bnc#1012382)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087081"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095643"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096978"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097771"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100930"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101789"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102197"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102211"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102215"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102340"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102683"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103717"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104494"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104495"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/17");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.143-65.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.143-65.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3871-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(121469);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
  script_xref(name:"USN", value:"3871-1");

  script_name(english:"Ubuntu 18.04 LTS : linux vulnerabilities (USN-3871-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Wen Xu discovered that a use-after-free vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could
use this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-10877)

Wen Xu discovered that an out-of-bounds write vulnerability existed in
the ext4 filesystem implementation in the Linux kernel. An attacker
could use this to construct a malicious ext4 image that, when mounted,
could cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2018-10878, CVE-2018-10882)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in
inode bodies. An attacker could use this to construct a malicious ext4
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-10880)

Wen Xu discovered that the ext4 file system implementation in the
Linux kernel could possibly perform an out of bounds write when
updating the journal for an inline file. An attacker could use this to
construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash). (CVE-2018-10883)

It was discovered that a race condition existed in the vsock address
family implementation of the Linux kernel that could lead to a
use-after-free condition. A local attacker in a guest virtual machine
could use this to expose sensitive information (host machine kernel
memory). (CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in
the KVM implementation of the Linux kernel, when handling interrupts
in environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the
kernel stack of an arbitrary task. A local attacker could use this to
expose sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel
did not properly flush the TLB when completing, potentially leaving
access to a physical page after it has been released to the page
allocator. A local attacker could use this to cause a denial of
service (system crash), expose sensitive information, or possibly
execute arbitrary code. (CVE-2018-18281)

Wei Wu discovered that the KVM implementation in the Linux kernel did
not properly ensure that ioapics were initialized. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2018-19407)

It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations.
An attacker with access to debugfs could use this to cause a denial of
service or possibly gain additional privileges. (CVE-2018-9516).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3871-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9516");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3871-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-44-generic", pkgver:"4.15.0-44.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-44-generic-lpae", pkgver:"4.15.0-44.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-44-lowlatency", pkgver:"4.15.0-44.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-44-snapdragon", pkgver:"4.15.0-44.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic", pkgver:"4.15.0.44.46")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae", pkgver:"4.15.0.44.46")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency", pkgver:"4.15.0.44.46")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon", pkgver:"4.15.0.44.46")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-generic / linux-image-4.15-generic-lpae / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3084-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(118034);
  script_version("1.6");
  script_cvs_date("Date: 2019/09/10 13:51:49");

  script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14617", "CVE-2018-14678", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7480", "CVE-2018-7757", "CVE-2018-9363");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive
various security and bugfixes.

CVE-2018-10853: A flaw was found in the way the KVM hypervisor
emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not
check current privilege(CPL) level while emulating unprivileged
instructions. An unprivileged guest user/process could use this flaw
to potentially escalate privileges inside guest (bnc#1097104).

CVE-2018-10876: A flaw was found in Linux kernel in the ext4
filesystem code. A use-after-free is possible in
ext4_ext_remove_space() function when mounting and operating a crafted
ext4 image. (bnc#1099811)

CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an
out-of-bound access in the ext4_ext_drop_refs() function when
operating on a crafted ext4 filesystem image. (bnc#1099846)

CVE-2018-10878: A flaw was found in the Linux kernel's ext4
filesystem. A local user can cause an out-of-bounds write and a denial
of service or unspecified other impact is possible by mounting and
operating a crafted ext4 filesystem image. (bnc#1099813)

CVE-2018-10879: A flaw was found in the Linux kernel's ext4
filesystem. A local user can cause a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified
other impact may occur by renaming a file in a crafted ext4 filesystem
image. (bnc#1099844)

CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds
write in the ext4 filesystem code when mounting and writing to a
crafted ext4 image in ext4_update_inline_data(). An attacker could use
this to cause a system crash and a denial of service. (bnc#1099845)

CVE-2018-10881: A flaw was found in the Linux kernel's ext4
filesystem. A local user can cause an out-of-bound access in
ext4_get_group_info function, a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image.
(bnc#1099864)

CVE-2018-10882: A flaw was found in the Linux kernel's ext4
filesystem. A local user can cause an out-of-bound write in in
fs/jbd2/transaction.c code, a denial of service, and a system crash by
unmounting a crafted ext4 filesystem image. (bnc#1099849)

CVE-2018-10883: A flaw was found in the Linux kernel's ext4
filesystem. A local user can cause an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image.
(bnc#1099863)

CVE-2018-10902: It was found that the raw midi kernel driver did not
protect against concurrent access which leads to a double realloc
(double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()
handler in rawmidi.c file. A malicious local attacker could possibly
use this for privilege escalation (bnc#1105322).

CVE-2018-10938: A crafted network packet sent remotely by an attacker
may force the kernel to enter an infinite loop in the
cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a
denial-of-service. A certain non-default configuration of LSM (Linux
Security Module) and NetLabel should be set up on a system before an
attacker could leverage this flaw (bnc#1106016).

CVE-2018-10940: The cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c allowed local attackers to use a incorrect
bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out
kernel memory (bnc#1092903).

CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in
the POSIX timer code is caused by the way the overrun accounting
works. Depending on interval and expiry time values, the overrun can
be larger than INT_MAX, but the accounting is int based. This
basically made the accounting values, which are visible to user space
via timer_getoverrun(2) and siginfo::si_overrun, random. For example,
a local user can cause a denial of service (signed integer overflow)
via crafted mmap, futex, timer_create, and timer_settime system calls
(bnc#1099922).

CVE-2018-13093: There is a NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occurs because of a lack of proper
validation that cached inodes are free during allocation
(bnc#1100001).

CVE-2018-13094: An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).

CVE-2018-13095: A denial of service (memory corruption and BUG) can
occur for a corrupted xfs image upon encountering an inode that is in
extent format, but has more extents than fit in the inode fork
(bnc#1099999).

CVE-2018-14617: There is a NULL pointer dereference and panic in
hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is
purportedly a hard link) in an hfs+ filesystem that has malformed
catalog data, and is mounted read-only without a metadata directory
(bnc#1102870).

CVE-2018-14678: The xen_failsafe_callback entry point in
arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed
local users to cause a denial of service (uninitialized memory usage
and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can
trigger a guest OS crash or possibly gain privileges (bnc#1102715).

CVE-2018-15572: The spectre_v2_select_mitigation function in
arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context
switch, which made it easier for attackers to conduct
userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).

CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
calls, which made it easier for attackers to conduct Spectre-v2
attacks against paravirtual guests (bnc#1105348).

CVE-2018-16276: Local attackers could use user access read/writes with
incorrect bounds checking in the yurex USB driver to crash the kernel
or potentially escalate privileges (bnc#1106095).

CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 (bnc#1107689).

CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c
mishandled sequence number overflows. An attacker can trigger a
use-after-free (and possibly gain privileges) via certain thread
creation, map, unmap, invalidation, and dereference operations
(bnc#1108399).

CVE-2018-6554: Memory leak in the irda_bind function in
net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c
allowed local users to cause a denial of service (memory consumption)
by repeatedly binding an AF_IRDA socket (bnc#1106509).

CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and
later in drivers/staging/irda/net/af_irda.c allowed local users to
cause a denial of service (ias_object use-after-free and system crash)
or possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511).

CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c allowed local users to cause a
denial of service (memory consumption) via many read accesses to files
in the /sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).

CVE-2018-9363: A buffer overflow in bluetooth HID report processing
could be used by malicious bluetooth devices to crash the kernel or
potentially execute code (bnc#1105292). The following security bugs
were fixed :

CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c
allowed local users to cause a denial of service (double free) or
possibly have unspecified other impact by triggering a creation
failure (bnc#1082863).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1084536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1088810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1089066"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094466"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1095344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1096547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099993"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100000"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105292"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105296"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107966"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108239"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1109333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10853/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10876/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10877/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10878/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10879/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10880/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10881/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10882/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10883/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10902/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10938/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10940/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12896/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13093/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13094/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-13095/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14617/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14678/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-15572/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-15594/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16276/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16658/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-17182/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6554/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-6555/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7480/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7757/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-9363/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20183084-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b663a3db"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 7:zypper in -t patch
SUSE-OpenStack-Cloud-7-2018-2188=1

SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
SUSE-SLE-SAP-12-SP2-2018-2188=1

SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2018-2188=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch
SUSE-SLE-HA-12-SP2-2018-2188=1

SUSE Enterprise Storage 4:zypper in -t patch
SUSE-Storage-4-2018-2188=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_95-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:lttng-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kgraft-patch-4_4_121-92_95-default-1-3.4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"lttng-modules-2.7.1-9.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"lttng-modules-debugsource-2.7.1-9.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"s390x", reference:"kernel-default-man-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-debuginfo-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debuginfo-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debugsource-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-devel-4.4.121-92.95.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-syms-4.4.121-92.95.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}