Vulnerabilities > CVE-2018-10883 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
debian
linux
canonical
redhat
CWE-787
nessus

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Vulnerable Configurations

Part Description Count
OS
Debian
1
OS
Linux
2806
OS
Canonical
3
OS
Redhat
4

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3871-4.NASL
    descriptionUSN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel
    last seen2020-03-18
    modified2019-02-05
    plugin id121594
    published2019-02-05
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121594
    titleUbuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3871-4. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121594);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
      script_xref(name:"USN", value:"3871-4");
    
      script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
    16.04 LTS.
    
    Wen Xu discovered that a use-after-free vulnerability existed in the
    ext4 filesystem implementation in the Linux kernel. An attacker could
    use this to construct a malicious ext4 image that, when mounted, could
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2018-10876, CVE-2018-10879)
    
    Wen Xu discovered that a buffer overflow existed in the ext4
    filesystem implementation in the Linux kernel. An attacker could use
    this to construct a malicious ext4 image that, when mounted, could
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2018-10877)
    
    Wen Xu discovered that an out-of-bounds write vulnerability existed in
    the ext4 filesystem implementation in the Linux kernel. An attacker
    could use this to construct a malicious ext4 image that, when mounted,
    could cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2018-10878, CVE-2018-10882)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly ensure that xattr information remained in
    inode bodies. An attacker could use this to construct a malicious ext4
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-10880)
    
    Wen Xu discovered that the ext4 file system implementation in the
    Linux kernel could possibly perform an out of bounds write when
    updating the journal for an inline file. An attacker could use this to
    construct a malicious ext4 image that, when mounted, could cause a
    denial of service (system crash). (CVE-2018-10883)
    
    It was discovered that a race condition existed in the vsock address
    family implementation of the Linux kernel that could lead to a
    use-after-free condition. A local attacker in a guest virtual machine
    could use this to expose sensitive information (host machine kernel
    memory). (CVE-2018-14625)
    
    Cfir Cohen discovered that a use-after-free vulnerability existed in
    the KVM implementation of the Linux kernel, when handling interrupts
    in environments where nested virtualization is in use (nested KVM
    virtualization is not enabled by default in Ubuntu kernels). A local
    attacker in a guest VM could possibly use this to gain administrative
    privileges in a host machine. (CVE-2018-16882)
    
    Jann Horn discovered that the procfs file system implementation in the
    Linux kernel did not properly restrict the ability to inspect the
    kernel stack of an arbitrary task. A local attacker could use this to
    expose sensitive information. (CVE-2018-17972)
    
    Jann Horn discovered that the mremap() system call in the Linux kernel
    did not properly flush the TLB when completing, potentially leaving
    access to a physical page after it has been released to the page
    allocator. A local attacker could use this to cause a denial of
    service (system crash), expose sensitive information, or possibly
    execute arbitrary code. (CVE-2018-18281)
    
    Wei Wu discovered that the KVM implementation in the Linux kernel did
    not properly ensure that ioapics were initialized. A local attacker
    could use this to cause a denial of service (system crash).
    (CVE-2018-19407)
    
    It was discovered that the debug interface for the Linux kernel's HID
    subsystem did not properly perform bounds checking in some situations.
    An attacker with access to debugfs could use this to cause a denial of
    service or possibly gain additional privileges. (CVE-2018-9516).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3871-4/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9516");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3871-4");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1027-gcp", pkgver:"4.15.0-1027.28~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1032-aws", pkgver:"4.15.0-1032.34~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-generic", pkgver:"4.15.0-45.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-generic-lpae", pkgver:"4.15.0-45.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-45-lowlatency", pkgver:"4.15.0-45.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1032.33")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1027.41")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1027.41")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.15.0.45.66")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual-hwe-16.04", pkgver:"4.15.0.45.66")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-4.15-gcp / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3879-2.NASL
    descriptionUSN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-05
    plugin id121597
    published2019-02-05
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121597
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3879-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3879-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121597);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id("CVE-2018-10883", "CVE-2018-16862", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-20169");
      script_xref(name:"USN", value:"3879-2");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3879-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3879-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
    14.04 LTS.
    
    Wen Xu discovered that the ext4 file system implementation in the
    Linux kernel could possibly perform an out of bounds write when
    updating the journal for an inline file. An attacker could use this to
    construct a malicious ext4 image that, when mounted, could cause a
    denial of service (system crash). (CVE-2018-10883)
    
    Vasily Averin and Pavel Tikhomirov discovered that the cleancache
    subsystem of the Linux kernel did not properly initialize new files in
    some situations. A local attacker could use this to expose sensitive
    information. (CVE-2018-16862)
    
    Wei Wu discovered that the KVM implementation in the Linux kernel did
    not properly ensure that ioapics were initialized. A local attacker
    could use this to cause a denial of service (system crash).
    (CVE-2018-19407)
    
    Mathias Payer and Hui Peng discovered a use-after-free vulnerability
    in the Advanced Linux Sound Architecture (ALSA) subsystem. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2018-19824)
    
    Hui Peng and Mathias Payer discovered that the USB subsystem in the
    Linux kernel did not properly handle size checks when handling an
    extra USB descriptor. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2018-20169).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3879-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20169");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10883", "CVE-2018-16862", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-20169");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3879-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-1038-aws", pkgver:"4.4.0-1038.41")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-142-generic", pkgver:"4.4.0-142.168~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-142-generic-lpae", pkgver:"4.4.0-142.168~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-142-lowlatency", pkgver:"4.4.0-142.168~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1038.38")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae-lts-xenial", pkgver:"4.4.0.142.122")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lts-xenial", pkgver:"4.4.0.142.122")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency-lts-xenial", pkgver:"4.4.0.142.122")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2908-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117824
    published2018-09-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117824
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2908-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117824);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-14634: Prevent integer overflow in create_elf_tables that
    allowed a local attacker to exploit this vulnerability via a SUID-root
    binary and obtain full root privileges (bsc#1108912)
    
    CVE-2018-14617: Prevent NULL pointer dereference and panic in
    hfsplus_lookup() when opening a file (that is purportedly a hard link)
    in an hfs+ filesystem that has malformed catalog data, and is mounted
    read-only without a metadata directory (bsc#1102870)
    
    CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
    yurex_read allowed local attackers to use user access read/writes to
    crash the kernel or potentially escalate privileges (bsc#1106095)
    
    CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
    was caused by the way the overrun accounting works. Depending on
    interval and expiry time values, the overrun can be larger than
    INT_MAX, but the accounting is int based. This basically made the
    accounting values, which are visible to user space via
    timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a
    local user to cause a denial of service (signed integer overflow) via
    crafted mmap, futex, timer_create, and timer_settime system calls
    (bnc#1099922)
    
    CVE-2018-13093: Prevent NULL pointer dereference and panic in
    lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
    corrupted xfs image. This occured because of a lack of proper
    validation that cached inodes are free during allocation (bnc#1100001)
    
    CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
    attackers to use a incorrect bounds check in the CDROM driver
    CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
    
    CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
    that could have been used by local attackers to read kernel memory
    (bnc#1107689)
    
    CVE-2018-6555: The irda_setsockopt function allowed local users to
    cause a denial of service (ias_object use-after-free and system crash)
    or possibly have unspecified other impact via an AF_IRDA socket
    (bnc#1106511)
    
    CVE-2018-6554: Prevent memory leak in the irda_bind function that
    allowed local users to cause a denial of service (memory consumption)
    by repeatedly binding an AF_IRDA socket (bnc#1106509)
    
    CVE-2018-10902: Protect against concurrent access to prevent double
    realloc (double free) in snd_rawmidi_input_params() and
    snd_rawmidi_output_status(). A malicious local attacker could have
    used this for privilege escalation (bnc#1105322)
    
    CVE-2018-10879: A local user could have caused a use-after-free in
    ext4_xattr_set_entry function and a denial of service or unspecified
    other impact by renaming a file in a crafted ext4 filesystem image
    (bsc#1099844)
    
    CVE-2018-10883: A local user could have caused an out-of-bounds write
    in jbd2_journal_dirty_metadata(), a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099863)
    
    CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4
    filesystem code when mounting and writing to a crafted ext4 image in
    ext4_update_inline_data(). An attacker could have used this to cause a
    system crash and a denial of service (bsc#1099845)
    
    CVE-2018-10882: A local user could have caused an out-of-bound write,
    a denial of service, and a system crash by unmounting a crafted ext4
    filesystem image (bsc#1099849)
    
    CVE-2018-10881: A local user could have caused an out-of-bound access
    in ext4_get_group_info function, a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099864)
    
    CVE-2018-10877: Prevent out-of-bound access in the
    ext4_ext_drop_refs() function when operating on a crafted ext4
    filesystem image (bsc#1099846)
    
    CVE-2018-10876: A use-after-free was possible in
    ext4_ext_remove_space() function when mounting and operating a crafted
    ext4 image (bsc#1099811)
    
    CVE-2018-10878: A local user could have caused an out-of-bounds write
    and a denial of service or unspecified other impact by mounting and
    operating a crafted ext4 filesystem image (bsc#1099813)
    
    CVE-2018-10853: The KVM hypervisor did not check current
    privilege(CPL) level while emulating unprivileged instructions. An
    unprivileged guest user/process could have used this flaw to
    potentially escalate privileges inside guest (bsc#1097104).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10853/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10876/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10877/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10878/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10880/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10881/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10882/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10883/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10940/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12896/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14617/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14634/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16276/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16658/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6555/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182908-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e50fcd04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2018-2063=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2018-2063=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.104.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1533.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124986
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124986
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124986);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-4515",
        "CVE-2013-6378",
        "CVE-2014-0196",
        "CVE-2014-3673",
        "CVE-2014-3690",
        "CVE-2014-9715",
        "CVE-2014-9731",
        "CVE-2015-2672",
        "CVE-2015-6937",
        "CVE-2015-7613",
        "CVE-2015-8844",
        "CVE-2016-0821",
        "CVE-2016-2066",
        "CVE-2016-6156",
        "CVE-2017-1000251",
        "CVE-2017-18200",
        "CVE-2017-2671",
        "CVE-2018-10883",
        "CVE-2018-15594",
        "CVE-2018-5344"
      );
      script_bugtraq_id(
        63518,
        63886,
        67199,
        67282,
        70691,
        70883,
        73953,
        75001
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - An integer overflow flaw was found in the way the Linux
        kernel's netfilter connection tracking implementation
        loaded extensions. An attacker on a local network could
        potentially send a sequence of specially crafted
        packets that would initiate the loading of a large
        number of extensions, causing the targeted system in
        that network to crash.(CVE-2014-9715i1/4%0
    
      - A flaw was found in the Linux kernel which could cause
        a kernel panic when restoring machine specific
        registers on the PowerPC platform. Incorrect
        transactional memory state registers could
        inadvertently change the call path on return from
        userspace and cause the kernel to enter an unknown
        state and crash.(CVE-2015-8844i1/4%0
    
      - A timing flaw was found in the Chrome EC driver in the
        Linux kernel. An attacker could abuse timing to skip
        validation checks to copy additional data from
        userspace possibly increasing privilege or crashing the
        system.(CVE-2016-6156i1/4%0
    
      - A race condition flaw was found in the way the Linux
        kernel's IPC subsystem initialized certain fields in an
        IPC object structure that were later used for
        permission checking before inserting the object into a
        globally visible list. A local, unprivileged user could
        potentially use this flaw to elevate their privileges
        on the system.(CVE-2015-7613i1/4%0
    
      - A path length checking flaw was found in Linux kernels
        built with UDF file system (CONFIG_UDF_FS) support. An
        attacker able to mount a corrupted/malicious UDF file
        system image could use this flaw to leak kernel memory
        to user-space.(CVE-2014-9731i1/4%0
    
      - A race condition leading to a NULL pointer dereference
        was found in the Linux kernel's Link Layer Control
        implementation. A local attacker with access to ping
        sockets could use this flaw to crash the
        system.(CVE-2017-2671i1/4%0
    
      - The f2fs implementation in the Linux kernel, before
        4.14, mishandles reference counts associated with
        f2fs_wait_discard_bios calls. This allows local users
        to cause a denial of service (BUG), as demonstrated by
        fstrim.(CVE-2017-18200i1/4%0
    
      - The LIST_POISON feature in include/linux/poison.h in
        the Linux kernel before 4.3, as used in Android 6.0.1
        before 2016-03-01, does not properly consider the
        relationship to the mmap_min_addr value, which makes it
        easier for attackers to bypass a poison-pointer
        protection mechanism by triggering the use of an
        uninitialized list entry, aka Android internal bug
        26186802, a different vulnerability than
        CVE-2015-3636.(CVE-2016-0821i1/4%0
    
      - The xsave/xrstor implementation in
        arch/x86/include/asm/xsave.h in the Linux kernel before
        3.19.2 creates certain .altinstr_replacement pointers
        and consequently does not provide any protection
        against instruction faulting, which allows local users
        to cause a denial of service (panic) by triggering a
        fault, as demonstrated by an unaligned memory operand
        or a non-canonical address memory
        operand.(CVE-2015-2672i1/4%0
    
      - The n_tty_write function in drivers/tty/n_tty.c in the
        Linux kernel through 3.14.3 does not properly manage
        tty driver access in the 'LECHO i1/4+ !OPOST' case, which
        allows local users to cause a denial of service (memory
        corruption and system crash) or gain privileges by
        triggering a race condition involving read and write
        operations with long strings.(CVE-2014-0196i1/4%0
    
      - In the Linux kernel through 4.14.13,
        drivers/block/loop.c mishandles lo_release
        serialization, which allows attackers to cause a denial
        of service (__lock_acquire use-after-free) or possibly
        have unspecified other impact.(CVE-2018-5344i1/4%0
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation.(CVE-2013-6378i1/4%0
    
      - A NULL-pointer dereference vulnerability was discovered
        in the Linux kernel. The kernel's Reliable Datagram
        Sockets (RDS) protocol implementation did not verify
        that an underlying transport existed before creating a
        connection to a remote server. A local system user
        could exploit this flaw to crash the system by creating
        sockets at specific times to trigger a NULL pointer
        dereference.(CVE-2015-6937i1/4%0
    
      - A stack buffer overflow flaw was found in the way the
        Bluetooth subsystem of the Linux kernel processed
        pending L2CAP configuration responses from a client. On
        systems with the stack protection feature enabled in
        the kernel (CONFIG_CC_STACKPROTECTOR=y, which is
        enabled on all architectures other than s390x and
        ppc64le), an unauthenticated attacker able to initiate
        a connection to a system via Bluetooth could use this
        flaw to crash the system. Due to the nature of the
        stack protection feature, code execution cannot be
        fully ruled out, although we believe it is unlikely. On
        systems without the stack protection feature (ppc64le
        the Bluetooth modules are not built on s390x), an
        unauthenticated attacker able to initiate a connection
        to a system via Bluetooth could use this flaw to
        remotely execute arbitrary code on the system with ring
        0 (kernel) privileges.(CVE-2017-1000251i1/4%0
    
      - Integer signedness error in the MSM QDSP6 audio driver
        for the Linux kernel 3.x, as used in Qualcomm
        Innovation Center (QuIC) Android contributions for MSM
        devices and other products, allows attackers to gain
        privileges or cause a denial of service (memory
        corruption) via a crafted application that makes an
        ioctl call.(CVE-2016-2066i1/4%0
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel
        before 3.12 does not initialize a certain data
        structure, which allows local users to obtain sensitive
        information from kernel memory via an
        IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
        call.(CVE-2013-4515i1/4%0
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled malformed Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3673i1/4%0
    
      - It was found that paravirt_patch_call/jump() functions
        in the arch/x86/kernel/paravirt.c in the Linux kernel
        mishandles certain indirect calls, which makes it
        easier for attackers to conduct Spectre-v2 attacks
        against paravirtualized guests.(CVE-2018-15594i1/4%0
    
      - It was found that the Linux kernel's KVM implementation
        did not ensure that the host CR4 control register value
        remained unchanged across VM entries on the same
        virtual CPU. A local, unprivileged user could use this
        flaw to cause a denial of service on the
        system.(CVE-2014-3690i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.(CVE-2018-10883i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1533
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6ad58ff");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) - kernel: out-of-bounds access in the show_timer function in kernel/time /posix-timers.c (CVE-2017-18344) - kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781) - kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) - kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) - kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) - kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661) - kernel: Salsa20 encryption algorithm does not correctly handle zero- length inputs allowing local attackers to cause denial of service (CVE-2017-17805) - kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208) - kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120) - kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130) - kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344) - kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803) - kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848) - kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878) - kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026) - kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913) - kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232) - kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092) - kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094) - kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118) - kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740) - kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757) - kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322) - kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879) - kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881) - kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883) - kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
    last seen2020-03-18
    modified2018-11-27
    plugin id119187
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119187
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20181030)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119187);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/01");
    
      script_cve_id("CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Security Fix(es) :
    
      - A flaw named FragmentSmack was found in the way the
        Linux kernel handled reassembly of fragmented IPv4 and
        IPv6 packets. A remote attacker could use this flaw to
        trigger time and calculation expensive fragment
        reassembly algorithm by sending specially crafted
        packets which could lead to a CPU saturation and hence a
        denial of service on the system. (CVE-2018-5391)
    
      - kernel: out-of-bounds access in the show_timer function
        in kernel/time /posix-timers.c (CVE-2017-18344)
    
      - kernel: Integer overflow in udl_fb_mmap() can allow
        attackers to execute code in kernel space
        (CVE-2018-8781)
    
      - kernel: MIDI driver race condition leads to a
        double-free (CVE-2018-10902)
    
      - kernel: Missing check in inode_init_owner() does not
        clear SGID bit on non-directories for non-members
        (CVE-2018-13405)
    
      - kernel: AIO write triggers integer overflow in some
        protocols (CVE-2015-8830)
    
      - kernel: Use-after-free in snd_pcm_info function in ALSA
        subsystem potentially leads to privilege escalation
        (CVE-2017-0861)
    
      - kernel: Handling of might_cancel queueing is not
        properly pretected against race (CVE-2017-10661)
    
      - kernel: Salsa20 encryption algorithm does not correctly
        handle zero- length inputs allowing local attackers to
        cause denial of service (CVE-2017-17805)
    
      - kernel: Inifinite loop vulnerability in
        madvise_willneed() function allows local denial of
        service (CVE-2017-18208)
    
      - kernel: fuse-backed file mmap-ed onto process cmdline
        arguments causes denial of service (CVE-2018-1120)
    
      - kernel: a NULL pointer dereference in dccp_write_xmit()
        leads to a system crash (CVE-2018-1130)
    
      - kernel: drivers/block/loop.c mishandles lo_release
        serialization allowing denial of service (CVE-2018-5344)
    
      - kernel: Missing length check of payload in
        _sctp_make_chunk() function allows denial of service
        (CVE-2018-5803)
    
      - kernel: buffer overflow in
        drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may
        lead to memory corruption (CVE-2018-5848)
    
      - kernel: out-of-bound write in ext4_init_block_bitmap
        function with a crafted ext4 image (CVE-2018-10878)
    
      - kernel: Improper validation in bnx2x network card driver
        can allow for denial of service attacks via crafted
        packet (CVE-2018-1000026)
    
      - kernel: Information leak when handling NM entries
        containing NUL (CVE-2016-4913)
    
      - kernel: Mishandling mutex within libsas allowing local
        Denial of Service (CVE-2017-18232)
    
      - kernel: NULL pointer dereference in
        ext4_process_freed_data() when mounting crafted ext4
        image (CVE-2018-1092)
    
      - kernel: NULL pointer dereference in
        ext4_xattr_inode_hash() causes crash with crafted ext4
        image (CVE-2018-1094)
    
      - kernel: vhost: Information disclosure in
        vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
    
      - kernel: Denial of service in resv_map_release function
        in mm/hugetlb.c (CVE-2018-7740)
    
      - kernel: Memory leak in the sas_smp_get_phy_events
        function in drivers/scsi/libsas/sas_expander.c
        (CVE-2018-7757)
    
      - kernel: Invalid pointer dereference in
        xfs_ilock_attr_map_shared() when mounting crafted xfs
        image allowing denial of service (CVE-2018-10322)
    
      - kernel: use-after-free detected in ext4_xattr_set_entry
        with a crafted file (CVE-2018-10879)
    
      - kernel: out-of-bound access in ext4_get_group_info()
        when mounting and operating a crafted ext4 image
        (CVE-2018-10881)
    
      - kernel: stack-out-of-bounds write in
        jbd2_journal_dirty_metadata function (CVE-2018-10883)
    
      - kernel: incorrect memory bounds check in
        drivers/cdrom/cdrom.c (CVE-2018-10940)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=8524
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?faf0e575"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10661");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-957.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-957.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2858-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999) CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748) CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748) CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016) CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117800
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117800
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2858-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117800);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-10940", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-15572", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-9363");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 azure kernel was updated to 4.4.155
    to receive various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-13093: Prevent NULL pointer dereference and panic in
    lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
    corrupted xfs image. This occured because of a lack of proper
    validation that cached inodes are free during allocation (bnc#1100001)
    
    CVE-2018-13095: Prevent denial of service (memory corruption and BUG)
    that could have occurred for a corrupted xfs image upon encountering
    an inode that is in extent format, but has more extents than fit in
    the inode fork (bnc#1099999)
    
    CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs
    image after xfs_da_shrink_inode() is called with a NULL bp
    (bnc#1100000)
    
    CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
    was caused by the way the overrun accounting works. Depending on
    interval and expiry time values, the overrun can be larger than
    INT_MAX, but the accounting is int based. This basically made the
    accounting values, which are visible to user space via
    timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a
    local user to cause a denial of service (signed integer overflow) via
    crafted mmap, futex, timer_create, and timer_settime system calls
    (bnc#1099922)
    
    CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
    that could have been used by local attackers to read kernel memory
    (bnc#1107689)
    
    CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
    attackers to use a incorrect bounds check in the CDROM driver
    CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
    
    CVE-2018-6555: The irda_setsockopt function allowed local users to
    cause a denial of service (ias_object use-after-free and system crash)
    or possibly have unspecified other impact via an AF_IRDA socket
    (bnc#1106511)
    
    CVE-2018-6554: Prevent memory leak in the irda_bind function that
    allowed local users to cause a denial of service (memory consumption)
    by repeatedly binding an AF_IRDA socket (bnc#1106509)
    
    CVE-2018-1129: A flaw was found in the way signature calculation was
    handled by cephx authentication protocol. An attacker having access to
    ceph cluster network who is able to alter the message payload was able
    to bypass signature checks done by cephx protocol (bnc#1096748)
    
    CVE-2018-1128: It was found that cephx authentication protocol did not
    verify ceph clients correctly and was vulnerable to replay attack. Any
    attacker having access to ceph cluster network who is able to sniff
    packets on network can use this vulnerability to authenticate with
    ceph service and perform actions allowed by ceph service (bnc#1096748)
    
    CVE-2018-10938: A crafted network packet sent remotely by an attacker
    forced the kernel to enter an infinite loop in the cipso_v4_optptr()
    function leading to a denial-of-service (bnc#1106016)
    
    CVE-2018-15572: The spectre_v2_select_mitigation function did not
    always fill RSB upon a context switch, which made it easier for
    attackers to conduct userspace-userspace spectreRSB attacks
    (bnc#1102517)
    
    CVE-2018-10902: Protect against concurrent access to prevent double
    realloc (double free) in snd_rawmidi_input_params() and
    snd_rawmidi_output_status(). A malicious local attacker could have
    used this for privilege escalation (bnc#1105322).
    
    CVE-2018-9363: Prevent buffer overflow in hidp_process_report
    (bsc#1105292)
    
    CVE-2018-10883: A local user could have caused an out-of-bounds write
    in jbd2_journal_dirty_metadata(), a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099863)
    
    CVE-2018-10879: A local user could have caused a use-after-free in
    ext4_xattr_set_entry function and a denial of service or unspecified
    other impact by renaming a file in a crafted ext4 filesystem image
    (bsc#1099844)
    
    CVE-2018-10878: A local user could have caused an out-of-bounds write
    and a denial of service or unspecified other impact by mounting and
    operating a crafted ext4 filesystem image (bsc#1099813)
    
    CVE-2018-10876: A use-after-free was possible in
    ext4_ext_remove_space() function when mounting and operating a crafted
    ext4 image (bsc#1099811)
    
    CVE-2018-10877: Prevent out-of-bound access in the
    ext4_ext_drop_refs() function when operating on a crafted ext4
    filesystem image (bsc#1099846)
    
    CVE-2018-10881: A local user could have caused an out-of-bound access
    in ext4_get_group_info function, a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099864)
    
    CVE-2018-10882: A local user could have caused an out-of-bound write,
    a denial of service, and a system crash by unmounting a crafted ext4
    filesystem image (bsc#1099849)
    
    CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4
    filesystem code when mounting and writing to a crafted ext4 image in
    ext4_update_inline_data(). An attacker could have used this to cause a
    system crash and a denial of service (bsc#1099845)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1017967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080157"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098253"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104485"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107966"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=970506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10876/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10877/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10878/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10880/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10881/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10882/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10883/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10938/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10940/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1128/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1129/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12896/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13094/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13095/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-15572/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16658/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6555/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-9363/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182858-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?737e2176"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2004=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2004=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debugsource-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-devel-4.4.155-4.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-azure-4.4.155-4.16.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1223.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common
    last seen2020-03-19
    modified2019-04-09
    plugin id123909
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123909
    titleEulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123909);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2018-10878",
        "CVE-2018-10879",
        "CVE-2018-10881",
        "CVE-2018-10883",
        "CVE-2018-13093",
        "CVE-2018-13094",
        "CVE-2018-17972",
        "CVE-2018-18690",
        "CVE-2019-5489"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A new software page cache side channel attack scenario
        was discovered in operating systems that implement the
        very common 'page cache' caching mechanism. A malicious
        user/process could use 'in memory' page-cache knowledge
        to infer access timings to shared memory and gain
        knowledge which can be used to reduce effectiveness of
        cryptographic strength by monitoring algorithmic
        behavior, infer access patterns of memory to determine
        code paths taken, and exfiltrate data to a blinded
        attacker through page-granularity access times as a
        side-channel.i1/4^CVE-2019-5489i1/4%0
    
      - An issue was discovered in the proc_pid_stack function
        in fs/proc/base.c in the Linux kernel. An attacker with
        a local account can trick the stack unwinder code to
        leak stack contents to userspace. The fix allows only
        root to inspect the kernel stack of an arbitrary
        task.i1/4^CVE-2018-17972i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bounds write and a
        denial of service or unspecified other impact is
        possible by mounting and operating a crafted ext4
        filesystem image.i1/4^CVE-2018-10878i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service
        or unspecified other impact may occur by renaming a
        file in a crafted ext4 filesystem
        image.i1/4^CVE-2018-10879i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound access in
        ext4_get_group_info function, a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0
    
      - An issue was discovered in the XFS filesystem in
        fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A
        NULL pointer dereference may occur for a corrupted xfs
        image after xfs_da_shrink_inode() is called with a NULL
        bp. This can lead to a system crash and a denial of
        service.i1/4^CVE-2018-13094i1/4%0
    
      - An issue was discovered in the XFS filesystem in
        fs/xfs/xfs_icache.c in the Linux kernel. There is a
        NULL pointer dereference leading to a system panic in
        lookup_slow() on a NULL inode-i1/4zi_ops pointer when
        doing pathwalks on a corrupted xfs image. This occurs
        because of a lack of proper validation that cached
        inodes are free during an
        allocation.i1/4^CVE-2018-13093i1/4%0
    
      - In the Linux kernel before 4.17, a local attacker able
        to set attributes on an xfs filesystem could make this
        filesystem non-operational until the next mount by
        triggering an unchecked error condition during an xfs
        attribute change, because xfs_attr_shortform_addname in
        fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE
        operations with conversion of an attr from short to
        long form.i1/4^CVE-2018-18690i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1223
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?946c8a37");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.4");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.4") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.4");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.1_51",
            "kernel-devel-3.10.0-862.14.1.1_51",
            "kernel-headers-3.10.0-862.14.1.1_51",
            "kernel-tools-3.10.0-862.14.1.1_51",
            "kernel-tools-libs-3.10.0-862.14.1.1_51",
            "kernel-tools-libs-devel-3.10.0-862.14.1.1_51"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3083.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805) * kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208) * kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120) * kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130) * kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344) * kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803) * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848) * kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878) * kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026) * kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913) * kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232) * kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092) * kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094) * kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118) * kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740) * kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757) * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322) * kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879) * kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881) * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883) * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
    last seen2020-06-01
    modified2020-06-02
    plugin id118525
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118525
    titleRHEL 7 : kernel (RHSA-2018:3083)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3083. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118525);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781");
      script_xref(name:"RHSA", value:"2018:3083");
    
      script_name(english:"RHEL 7 : kernel (RHSA-2018:3083)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A flaw named FragmentSmack was found in the way the Linux kernel
    handled reassembly of fragmented IPv4 and IPv6 packets. A remote
    attacker could use this flaw to trigger time and calculation expensive
    fragment reassembly algorithm by sending specially crafted packets
    which could lead to a CPU saturation and hence a denial of service on
    the system. (CVE-2018-5391)
    
    * kernel: out-of-bounds access in the show_timer function in
    kernel/time/ posix-timers.c (CVE-2017-18344)
    
    * kernel: Integer overflow in udl_fb_mmap() can allow attackers to
    execute code in kernel space (CVE-2018-8781)
    
    * kernel: MIDI driver race condition leads to a double-free
    (CVE-2018-10902)
    
    * kernel: Missing check in inode_init_owner() does not clear SGID bit
    on non-directories for non-members (CVE-2018-13405)
    
    * kernel: AIO write triggers integer overflow in some protocols
    (CVE-2015-8830)
    
    * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
    potentially leads to privilege escalation (CVE-2017-0861)
    
    * kernel: Handling of might_cancel queueing is not properly pretected
    against race (CVE-2017-10661)
    
    * kernel: Salsa20 encryption algorithm does not correctly handle
    zero-length inputs allowing local attackers to cause denial of service
    (CVE-2017-17805)
    
    * kernel: Inifinite loop vulnerability in madvise_willneed() function
    allows local denial of service (CVE-2017-18208)
    
    * kernel: fuse-backed file mmap-ed onto process cmdline arguments
    causes denial of service (CVE-2018-1120)
    
    * kernel: a NULL pointer dereference in dccp_write_xmit() leads to a
    system crash (CVE-2018-1130)
    
    * kernel: drivers/block/loop.c mishandles lo_release serialization
    allowing denial of service (CVE-2018-5344)
    
    * kernel: Missing length check of payload in _sctp_make_chunk()
    function allows denial of service (CVE-2018-5803)
    
    * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/
    wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
    
    * kernel: out-of-bound write in ext4_init_block_bitmap function with a
    crafted ext4 image (CVE-2018-10878)
    
    * kernel: Improper validation in bnx2x network card driver can allow
    for denial of service attacks via crafted packet (CVE-2018-1000026)
    
    * kernel: Information leak when handling NM entries containing NUL
    (CVE-2016-4913)
    
    * kernel: Mishandling mutex within libsas allowing local Denial of
    Service (CVE-2017-18232)
    
    * kernel: NULL pointer dereference in ext4_process_freed_data() when
    mounting crafted ext4 image (CVE-2018-1092)
    
    * kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes
    crash with crafted ext4 image (CVE-2018-1094)
    
    * kernel: vhost: Information disclosure in
    vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
    
    * kernel: Denial of service in resv_map_release function in
    mm/hugetlb.c (CVE-2018-7740)
    
    * kernel: Memory leak in the sas_smp_get_phy_events function in
    drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757)
    
    * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared()
    when mounting crafted xfs image allowing denial of service
    (CVE-2018-10322)
    
    * kernel: use-after-free detected in ext4_xattr_set_entry with a
    crafted file (CVE-2018-10879)
    
    * kernel: out-of-bound access in ext4_get_group_info() when mounting
    and operating a crafted ext4 image (CVE-2018-10881)
    
    * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata
    function (CVE-2018-10883)
    
    * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
    (CVE-2018-10940)
    
    Red Hat would like to thank Juha-Matti Tilli (Aalto University -
    Department of Communications and Networking and Nokia Bell Labs) for
    reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting
    CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120;
    Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and
    Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/3553061"
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-4913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-0861"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-10661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-17805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-18360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-5848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-7740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-7757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-8781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-13405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-18690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1000026"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-8830", "CVE-2016-4913", "CVE-2017-0861", "CVE-2017-10661", "CVE-2017-17805", "CVE-2017-18208", "CVE-2017-18232", "CVE-2017-18344", "CVE-2017-18360", "CVE-2018-1000026", "CVE-2018-10322", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10881", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-13405", "CVE-2018-18690", "CVE-2018-5344", "CVE-2018-5391", "CVE-2018-5803", "CVE-2018-5848", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-8781");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2018:3083");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3083";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bpftool-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-957.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-957.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1423.NASL
    descriptionLinux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a supported upgrade path for systems that currently use kernel packages from the
    last seen2020-06-01
    modified2020-06-02
    plugin id111165
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111165
    titleDebian DLA-1423-1 : linux-4.9 new package (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1423-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111165);
      script_version("1.7");
      script_cvs_date("Date: 2019/07/15 14:20:30");
    
      script_cve_id("CVE-2017-18255", "CVE-2017-5753", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10940", "CVE-2018-1118", "CVE-2018-1120", "CVE-2018-1130", "CVE-2018-11506", "CVE-2018-12233", "CVE-2018-3639", "CVE-2018-5814");
    
      script_name(english:"Debian DLA-1423-1 : linux-4.9 new package (Spectre)");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Linux 4.9 has been packaged for Debian 8 as linux-4.9. This provides a
    supported upgrade path for systems that currently use kernel packages
    from the 'jessie-backports' suite.
    
    There is no need to upgrade systems using Linux 3.16, as that kernel
    version will also continue to be supported in the LTS period.
    
    This backport does not include the following binary packages :
    
    hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev
    linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip
    
    Older versions of most of those are built from other source packages
    in Debian 8.
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2017-5753
    
    Further instances of code that was vulnerable to Spectre variant 1
    (bounds-check bypass) have been mitigated.
    
    CVE-2017-18255
    
    It was discovered that the performance events subsystem did not
    properly validate the value of the kernel.perf_cpu_time_max_percent
    sysctl. Setting a large value could have an unspecified security
    impact. However, only a privileged user can set this sysctl.
    
    CVE-2018-1118
    
    The syzbot software found that the vhost driver did not initialise
    message buffers which would later be read by user processes. A user
    with access to the /dev/vhost-net device could use this to read
    sensitive information from the kernel or other users' processes.
    
    CVE-2018-1120
    
    Qualys reported that a user able to mount FUSE filesystems can create
    a process such that when another process attempting to read its
    command line will be blocked for an arbitrarily long time. This could
    be used for denial of service, or to aid in exploiting a race
    condition in the other program.
    
    CVE-2018-1130
    
    The syzbot software found that the DCCP implementation of sendmsg()
    does not check the socket state, potentially leading to a NULL pointer
    dereference. A local user could use this to cause a denial of service
    (crash). 
    
    CVE-2018-3639
    
    Multiple researchers have discovered that Speculative Store Bypass
    (SSB), a feature implemented in many processors, could be used to read
    sensitive information from another context. In particular, code in a
    software sandbox may be able to read sensitive information from
    outside the sandbox. This issue is also known as Spectre variant 4.
    
    This update allows the issue to be mitigated on some x86
    processors by disabling SSB. This requires an update to the
    processor's microcode, which is non-free. It may be included
    in an update to the system BIOS or UEFI firmware, or in a
    future update to the intel-microcode or amd64-microcode
    packages.
    
    Disabling SSB can reduce performance significantly, so by
    default it is only done in tasks that use the seccomp
    feature. Applications that require this mitigation should
    request it explicitly through the prctl() system call. Users
    can control where the mitigation is enabled with the
    spec_store_bypass_disable kernel parameter.
    
    CVE-2018-5814
    
    Jakub Jirasek reported race conditions in the USB/IP host driver. A
    malicious client could use this to cause a denial of service (crash or
    memory corruption), and possibly to execute code, on a USB/IP server.
    
    CVE-2018-10021
    
    A physically present attacker who unplugs a SAS cable can cause a
    denial of service (memory leak and WARN).
    
    CVE-2018-10087, CVE-2018-10124
    
    zhongjiang found that the wait4() and kill() system call
    implementations did not check for the invalid pid value of INT_MIN. If
    a user passed this value, the behaviour of the code was formally
    undefined and might have had a security impact.
    
    CVE-2018-10853
    
    Andy Lutomirski and Mika Penttil&auml; reported that KVM for x86
    processors did not perform a necessary privilege check when emulating
    certain instructions. This could be used by an unprivileged user in a
    guest VM to escalate their privileges within the guest.
    
    CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,
    CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883
    
    Wen Xu at SSLab, Gatech, reported that crafted ext4 filesystem images
    could trigger a crash or memory corruption. A local user able to mount
    arbitrary filesystems, or an attacker providing filesystems to be
    mounted, could use this for denial of service or possibly for
    privilege escalation.
    
    CVE-2018-10940
    
    Dan Carpenter reported that the optical disc driver (cdrom) does not
    correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A
    user with access to a cdrom device could use this to cause a denial of
    service (crash).
    
    CVE-2018-11506
    
    Piotr Gabriel Kosinski and Daniel Shapira reported that the SCSI
    optical disc driver (sr) did not allocate a sufficiently large buffer
    for sense data. A user with access to a SCSI optical disc device that
    can produce more than 64 bytes of sense data could use this to cause a
    denial of service (crash or memory corruption), and possibly for
    privilege escalation.
    
    CVE-2018-12233
    
    Shankara Pailoor reported that a crafted JFS filesystem image could
    trigger a denial of service (memory corruption). This could possibly
    also be used for privilege escalation.
    
    CVE-2018-1000204
    
    The syzbot software found that the SCSI generic driver (sg) would in
    some circumstances allow reading data from uninitialised buffers,
    which could include sensitive information from the kernel or other
    tasks. However, only privileged users with the CAP_SYS_ADMIN or
    CAP_SYS_RAWIO capability were allowed to do this, so this has little
    or no security impact.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    4.9.110-1~deb8u1. This update additionally fixes Debian bugs #860900,
    #872907, #892057, #896775, #897590, and #898137; and includes many
    more bug fixes from stable updates 4.9.89-4.9.110 inclusive.
    
    We recommend that you upgrade your linux-4.9 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/linux-4.9"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:ND/RC:ND");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:X/RC:X");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/20");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.110-1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.110-1~deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-618.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmented_write_std doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id123269
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123269
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-618.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123269);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5391");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)");
      script_summary(english:"Check for the openSUSE-2019-618 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.0 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2018-10853: A flaw was found in KVM in which certain
        instructions such as sgdt/sidt call segmented_write_std
        doesn't propagate access correctly. As such, during
        userspace induced exception, the guest can incorrectly
        assume that the exception happened in the kernel and
        panic (bnc#1097104).
    
      - CVE-2018-10876: A flaw was found in the ext4 filesystem
        code. A use-after-free is possible in
        ext4_ext_remove_space() function when mounting and
        operating a crafted ext4 image. (bnc#1099811)
    
      - CVE-2018-10877: Linux kernel ext4 filesystem is
        vulnerable to an out-of-bound access in the
        ext4_ext_drop_refs() function when operating on a
        crafted ext4 filesystem image. (bnc#1099846)
    
      - CVE-2018-10878: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bounds write and a
        denial of service or unspecified other impact is
        possible by mounting and operating a crafted ext4
        filesystem image. (bnc#1099813)
    
      - CVE-2018-10879: A flaw was found in the ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service or
        unspecified other impact may occur by renaming a file in
        a crafted ext4 filesystem image. (bnc#1099844)
    
      - CVE-2018-10880: Linux kernel is vulnerable to a
        stack-out-of-bounds write in the ext4 filesystem code
        when mounting and writing to a crafted ext4 image in
        ext4_update_inline_data(). An attacker could use this to
        cause a system crash and a denial of service.
        (bnc#1099845)
    
      - CVE-2018-10881: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bound access in
        ext4_get_group_info function, a denial of service, and a
        system crash by mounting and operating on a crafted ext4
        filesystem image. (bnc#1099864)
    
      - CVE-2018-10882: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bound write in in
        fs/jbd2/transaction.c code, a denial of service, and a
        system crash by unmounting a crafted ext4 filesystem
        image. (bnc#1099849)
    
      - CVE-2018-10883: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bounds write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image. (bnc#1099863)
    
      - CVE-2018-3620: Systems with microprocessors utilizing
        speculative execution and address translations may allow
        unauthorized disclosure of information residing in the
        L1 data cache to an attacker with local user access via
        a terminal page fault and a side-channel analysis
        (bnc#1087081).
    
      - CVE-2018-3646: Systems with microprocessors utilizing
        speculative execution and address translations may allow
        unauthorized disclosure of information residing in the
        L1 data cache to an attacker with local user access with
        guest OS privilege via a terminal page fault and a
        side-channel analysis (bnc#1089343 bnc#1104365).
    
      - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP
        packet reassembly could be used by remote attackers to
        consume lots of CPU time (bnc#1103097).
    
    The following non-security bugs were fixed :
    
      - afs: Fix directory permissions check (bsc#1101828).
    
      - bdi: Move cgroup bdi_writeback to a dedicated low
        concurrency workqueue (bsc#1101867).
    
      - be2net: gather debug info and reset adapter (only for
        Lancer) on a tx-timeout (bsc#1086288).
    
      - be2net: Update the driver version to 12.0.0.0
        (bsc#1086288 ).
    
      - befs_lookup(): use d_splice_alias() (bsc#1101844).
    
      - block: Fix transfer when chunk sectors exceeds max
        (bsc#1101874).
    
      - bpf, ppc64: fix unexpected r0=0 exit path inside
        bpf_xadd (bsc#1083647).
    
      - branch-check: fix long->int truncation when profiling
        branches (bsc#1101116,).
    
      - cdrom: do not call check_disk_change() inside
        cdrom_open() (bsc#1101872).
    
      - compiler.h: enable builtin overflow checkers and add
        fallback code (bsc#1101116,).
    
      - cpu/hotplug: Make bringup/teardown of smp threads
        symmetric (bsc#1089343).
    
      - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
    
      - cpu/hotplug: Split do_cpu_down() (bsc#1089343).
    
      - delayacct: fix crash in delayacct_blkio_end() after
        delayacct init failure (bsc#1104066).
    
      - dm: add writecache target (bsc#1101116,).
    
      - dm writecache: support optional offset for start of
        device (bsc#1101116,).
    
      - dm writecache: use 2-factor allocator arguments
        (bsc#1101116,).
    
      - EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[]
        (bsc#1103886).
    
      - EDAC: Drop duplicated array of strings for memory type
        names (bsc#1103886).
    
      - ext2: fix a block leak (bsc#1101875).
    
      - ext4: add more mount time checks of the superblock
        (bsc#1101900).
    
      - ext4: bubble errors from ext4_find_inline_data_nolock()
        up to ext4_iget() (bsc#1101896).
    
      - ext4: check for allocation block validity with block
        group locked (bsc#1104495).
    
      - ext4: check superblock mapped prior to committing
        (bsc#1101902).
    
      - ext4: do not update s_last_mounted of a frozen fs
        (bsc#1101841).
    
      - ext4: factor out helper ext4_sample_last_mounted()
        (bsc#1101841).
    
      - ext4: fix check to prevent initializing reserved inodes
        (bsc#1104319).
    
      - ext4: fix false negatives *and* false positives in
        ext4_check_descriptors() (bsc#1103445).
    
      - ext4: fix fencepost error in check for inode count
        overflow during resize (bsc#1101853).
    
      - ext4: fix inline data updates with checksums enabled
        (bsc#1104494).
    
      - ext4: include the illegal physical block in the bad map
        ext4_error msg (bsc#1101903).
    
      - ext4: report delalloc reserve as non-free in statfs for
        project quota (bsc#1101843).
    
      - ext4: update mtime in ext4_punch_hole even if no blocks
        are released (bsc#1101895).
    
      - f2fs: call unlock_new_inode() before d_instantiate()
        (bsc#1101837).
    
      - fix io_destroy()/aio_complete() race (bsc#1101852).
    
      - Force log to disk before reading the AGF during a fstrim
        (bsc#1101893).
    
      - fscache: Fix hanging wait on page discarded by writeback
        (bsc#1101885).
    
      - fs: clear writeback errors in inode_init_always
        (bsc#1101882).
    
      - fs: do not scan the inode cache before SB_BORN is set
        (bsc#1101883).
    
      - hns3: fix unused function warning (bsc#1104353).
    
      - hns3pf: do not check handle during mqprio offload
        (bsc#1104353 ).
    
      - hns3pf: fix hns3_del_tunnel_port() (bsc#1104353).
    
      - hns3pf: Fix some harmless copy and paste bugs
        (bsc#1104353 ).
    
      - hv_netvsc: Fix napi reschedule while receive completion
        is busy ().
    
      - hv/netvsc: Fix NULL dereference at single queue mode
        fallback (bsc#1104708).
    
      - hwmon: (asus_atk0110) Replace deprecated device register
        call (bsc#1103363).
    
      - IB/hns: Annotate iomem pointers correctly (bsc#1104427
        ).
    
      - IB/hns: Avoid compile test under non 64bit environments
        (bsc#1104427).
    
      - IB/hns: Declare local functions 'static' (bsc#1104427 ).
    
      - IB/hns: fix boolreturn.cocci warnings (bsc#1104427).
    
      - IB/hns: Fix for checkpatch.pl comment style warnings
        (bsc#1104427).
    
      - IB/hns: fix memory leak on ah on error return path
        (bsc#1104427 ).
    
      - IB/hns: fix returnvar.cocci warnings (bsc#1104427).
    
      - IB/hns: fix semicolon.cocci warnings (bsc#1104427).
    
      - IB/hns: Fix the bug of polling cq failed for loopback
        Qps (bsc#1104427). Refresh
        patches.suse/0001-IB-hns-checking-for-IS_ERR-instead-of-
        NULL.patch.
    
      - IB/hns: Fix the bug with modifying the MAC address
        without removing the driver (bsc#1104427).
    
      - IB/hns: Fix the bug with rdma operation (bsc#1104427 ).
    
      - IB/hns: Fix the bug with wild pointer when destroy rc qp
        (bsc#1104427).
    
      - IB/hns: include linux/interrupt.h (bsc#1104427).
    
      - IB/hns: Support compile test for hns RoCE driver
        (bsc#1104427 ).
    
      - IB/hns: Use zeroing memory allocator instead of
        allocator/memset (bsc#1104427).
    
      - isofs: fix potential memory leak in mount option parsing
        (bsc#1101887).
    
      - jump_label: Fix concurrent static_key_enable/disable()
        (bsc#1089343).
    
      - jump_label: Provide hotplug context variants
        (bsc#1089343).
    
      - jump_label: Reorder hotplug lock and jump_label_lock
        (bsc#1089343).
    
      - kabi/severities: Allow kABI changes for kvm/x86 (except
        for kvm_x86_ops)
    
      - kabi/severities: ignore qla2xxx as all symbols are
        internal
    
      - kabi/severities: ignore x86_kvm_ops; lttng-modules would
        have to be adjusted in case they depend on this
        particular change
    
      - kabi/severities: Relax kvm_vcpu_* kABI breakage
    
      - media: rc: oops in ir_timer_keyup after device unplug
        (bsc#1090888).
    
      - mm: fix __gup_device_huge vs unmap (bsc#1101839).
    
      - net: hns3: Add a check for client instance init state
        (bsc#1104353).
    
      - net: hns3: add a mask initialization for mac_vlan table
        (bsc#1104353).
    
      - net: hns3: Add *Asserting Reset* mailbox message &
        handling in VF (bsc#1104353).
    
      - net: hns3: add Asym Pause support to phy default
        features (bsc#1104353).
    
      - net: hns3: Add dcb netlink interface for the support of
        DCB feature (bsc#1104353).
    
      - net: hns3: Add DCB support when interacting with network
        stack (bsc#1104353).
    
      - net: hns3: Add ethtool interface for vlan filter
        (bsc#1104353 ).
    
      - net: hns3: add ethtool_ops.get_channels support for VF
        (bsc#1104353).
    
      - net: hns3: add ethtool_ops.get_coalesce support to PF
        (bsc#1104353).
    
      - net: hns3: add ethtool_ops.set_coalesce support to PF
        (bsc#1104353).
    
      - net: hns3: add ethtool -p support for fiber port
        (bsc#1104353 ).
    
      - net: hns3: add ethtool related offload command
        (bsc#1104353 ).
    
      - net: hns3: Add Ethtool support to HNS3 driver
        (bsc#1104353 ).
    
      - net: hns3: add existence checking before adding unicast
        mac address (bsc#1104353).
    
      - net: hns3: add existence check when remove old uc mac
        address (bsc#1104353).
    
      - net: hns3: add feature check when feature changed
        (bsc#1104353 ).
    
      - net: hns3: add get_link support to VF (bsc#1104353).
    
      - net: hns3: add get/set_coalesce support to VF
        (bsc#1104353 ).
    
      - net: hns3: add handling vlan tag offload in bd
        (bsc#1104353 ).
    
      - net: hns3: Add hclge_dcb module for the support of DCB
        feature (bsc#1104353).
    
      - net: hns3: Add HNS3 Acceleration Engine & Compatibility
        Layer Support (bsc#1104353).
    
      - net: hns3: Add HNS3 driver to kernel build framework &
        MAINTAINERS (bsc#1104353).
    
      - net: hns3: Add hns3_get_handle macro in hns3 driver
        (bsc#1104353 ).
    
      - net: hns3: Add HNS3 IMP(Integrated Mgmt Proc) Cmd
        Interface Support (bsc#1104353).
    
      - net: hns3: Add HNS3 VF driver to kernel build framework
        (bsc#1104353).
    
      - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer)
        Support (bsc#1104353).
    
      - net: hns3: Add HNS3 VF IMP(Integrated Management Proc)
        cmd interface (bsc#1104353).
    
      - net: hns3: add int_gl_idx setup for TX and RX queues
        (bsc#1104353).
    
      - net: hns3: add int_gl_idx setup for VF (bsc#1104353 ).
    
      - net: hns3: Add mac loopback selftest support in hns3
        driver (bsc#1104353).
    
      - net: hns3: Add mailbox interrupt handling to PF driver
        (bsc#1104353).
    
      - net: hns3: Add mailbox support to PF driver (bsc#1104353
        ).
    
      - net: hns3: Add mailbox support to VF driver (bsc#1104353
        ).
    
      - net: hns3: add manager table initialization for hardware
        (bsc#1104353).
    
      - net: hns3: Add MDIO support to HNS3 Ethernet driver for
        hip08 SoC (bsc#1104353).
    
      - net: hns3: Add missing break in misc_irq_handle
        (bsc#1104353 ).
    
      - net: hns3: Add more packet size statisctics (bsc#1104353
        ).
    
      - net: hns3: add MTU initialization for hardware
        (bsc#1104353 ).
    
      - net: hns3: add net status led support for fiber port
        (bsc#1104353).
    
      - net: hns3: add nic_client check when initialize roce
        base information (bsc#1104353).
    
      - net: hns3: add querying speed and duplex support to VF
        (bsc#1104353).
    
      - net: hns3: Add repeat address checking for setting mac
        address (bsc#1104353).
    
      - net: hns3: Add reset interface implementation in client
        (bsc#1104353).
    
      - net: hns3: Add reset process in hclge_main (bsc#1104353
        ).
    
      - net: hns3: Add reset service task for handling reset
        requests (bsc#1104353).
    
      - net: hns3: add result checking for VF when modify
        unicast mac address (bsc#1104353).
    
      - net: hns3: Add some interface for the support of DCB
        feature (bsc#1104353).
    
      - net: hns3: Adds support for led locate command for
        copper port (bsc#1104353).
    
      - net: hns3: Add STRP_TAGP field support for hardware
        revision 0x21 (bsc#1104353).
    
      - net: hns3: Add support for dynamically buffer
        reallocation (bsc#1104353).
    
      - net: hns3: add support for ETHTOOL_GRXFH (bsc#1104353 ).
    
      - net: hns3: add support for get_regs (bsc#1104353).
    
      - net: hns3: Add support for IFF_ALLMULTI flag
        (bsc#1104353 ).
    
      - net: hns3: Add support for misc interrupt (bsc#1104353
        ).
    
      - net: hns3: add support for nway_reset (bsc#1104353).
    
      - net: hns3: Add support for PFC setting in TM module
        (bsc#1104353 ).
    
      - net: hns3: Add support for port shaper setting in TM
        module (bsc#1104353).
    
      - net: hns3: add support for querying advertised pause
        frame by ethtool ethx (bsc#1104353).
    
      - net: hns3: add support for querying pfc puase packets
        statistic (bsc#1104353).
    
      - net: hns3: add support for set_link_ksettings
        (bsc#1104353 ).
    
      - net: hns3: add support for set_pauseparam (bsc#1104353
        ).
    
      - net: hns3: add support for set_ringparam (bsc#1104353 ).
    
      - net: hns3: add support for set_rxnfc (bsc#1104353).
    
      - net: hns3: Add support for tx_accept_tag2 and
        tx_accept_untag2 config (bsc#1104353).
    
      - net: hns3: add support for VF driver inner interface
        hclgevf_ops.get_tqps_and_rss_info (bsc#1104353).
    
      - net: hns3: Add support of hardware rx-vlan-offload to
        HNS3 VF driver (bsc#1104353).
    
      - net: hns3: Add support of HNS3 Ethernet Driver for hip08
        SoC (bsc#1104353).
    
      - net: hns3: Add support of .sriov_configure in HNS3
        driver (bsc#1104353).
    
      - net: hns3: Add support of the HNAE3 framework
        (bsc#1104353 ).
    
      - net: hns3: Add support of TX Scheduler & Shaper to HNS3
        driver (bsc#1104353).
    
      - net: hns3: Add support to change MTU in HNS3 hardware
        (bsc#1104353).
    
      - net: hns3: Add support to enable TX/RX promisc mode for
        H/W rev(0x21) (bsc#1104353).
    
      - net: hns3: add support to modify tqps number
        (bsc#1104353 ).
    
      - net: hns3: add support to query tqps number (bsc#1104353
        ).
    
      - net: hns3: Add support to re-initialize the hclge device
        (bsc#1104353).
    
      - net: hns3: Add support to request VF Reset to PF
        (bsc#1104353 ).
    
      - net: hns3: Add support to reset the enet/ring mgmt layer
        (bsc#1104353).
    
      - net: hns3: add support to update flow control settings
        after autoneg (bsc#1104353).
    
      - net: hns3: Add tc-based TM support for sriov enabled
        port (bsc#1104353).
    
      - net: hns3: Add timeout process in hns3_enet (bsc#1104353
        ).
    
      - net: hns3: Add VF Reset device state and its handling
        (bsc#1104353).
    
      - net: hns3: Add VF Reset Service Task to support event
        handling (bsc#1104353).
    
      - net: hns3: add vlan offload config command (bsc#1104353
        ).
    
      - net: hns3: change GL update rate (bsc#1104353).
    
      - net: hns3: Change PF to add ring-vect binding & resetQ
        to mailbox (bsc#1104353).
    
      - net: hns3: Change return type of hnae3_register_ae_algo
        (bsc#1104353).
    
      - net: hns3: Change return type of hnae3_register_ae_dev
        (bsc#1104353).
    
      - net: hns3: Change return value in hnae3_register_client
        (bsc#1104353).
    
      - net: hns3: Changes required in PF mailbox to support VF
        reset (bsc#1104353).
    
      - net: hns3: Changes to make enet watchdog timeout func
        common for PF/VF (bsc#1104353).
    
      - net: hns3: Changes to support ARQ(Asynchronous Receive
        Queue) (bsc#1104353).
    
      - net: hns3: change the returned tqp number by ethtool -x
        (bsc#1104353).
    
      - net: hns3: change the time interval of int_gl
        calculating (bsc#1104353).
    
      - net: hns3: change the unit of GL value macro
        (bsc#1104353 ).
    
      - net: hns3: change TM sched mode to TC-based mode when
        SRIOV enabled (bsc#1104353).
    
      - net: hns3: check for NULL function pointer in
        hns3_nic_set_features (bsc#1104353).
    
      - net: hns3: Cleanup for endian issue in hns3 driver
        (bsc#1104353 ).
    
      - net: hns3: Cleanup for non-static function in hns3
        driver (bsc#1104353).
    
      - net: hns3: Cleanup for ROCE capability flag in ae_dev
        (bsc#1104353).
    
      - net: hns3: Cleanup for shifting true in hns3 driver
        (bsc#1104353 ).
    
      - net: hns3: Cleanup for struct that used to send cmd to
        firmware (bsc#1104353).
    
      - net: hns3: Cleanup indentation for Kconfig in the the
        hisilicon folder (bsc#1104353).
    
      - net: hns3: cleanup mac auto-negotiation state query
        (bsc#1104353 ).
    
      - net: hns3: cleanup mac auto-negotiation state query in
        hclge_update_speed_duplex (bsc#1104353).
    
      - net: hns3: cleanup of return values in
        hclge_init_client_instance() (bsc#1104353).
    
      - net: hns3: Clear TX/RX rings when stopping port &
        un-initializing client (bsc#1104353).
    
      - net: hns3: Consistently using GENMASK in hns3 driver
        (bsc#1104353).
    
      - net: hns3: converting spaces into tabs to avoid
        checkpatch.pl warning (bsc#1104353).
    
      - net: hns3: Disable VFs change rxvlan offload status
        (bsc#1104353 ).
    
      - net: hns3: Disable vf vlan filter when vf vlan table is
        full (bsc#1104353).
    
      - net: hns3: ensure media_type is uninitialized
        (bsc#1104353 ).
    
      - net: hns3: export pci table of hclge and hclgevf to
        userspace (bsc#1104353).
    
      - net: hns3: fix a bug about hns3_clean_tx_ring
        (bsc#1104353 ).
    
      - net: hns3: fix a bug for phy supported feature
        initialization (bsc#1104353).
    
      - net: hns3: fix a bug in hclge_uninit_client_instance
        (bsc#1104353).
    
      - net: hns3: fix a bug in hns3_driv_to_eth_caps
        (bsc#1104353 ).
    
      - net: hns3: fix a bug when alloc new buffer (bsc#1104353
        ).
    
      - net: hns3: fix a bug when getting phy address from
        NCL_config file (bsc#1104353).
    
      - net: hns3: fix a dead loop in hclge_cmd_csq_clean
        (bsc#1104353 ).
    
      - net: hns3: fix a handful of spelling mistakes
        (bsc#1104353 ).
    
      - net: hns3: Fix a loop index error of tqp statistics
        query (bsc#1104353).
    
      - net: hns3: Fix a misuse to devm_free_irq (bsc#1104353 ).
    
      - net: hns3: Fix an error handling path in
        'hclge_rss_init_hw()' (bsc#1104353).
    
      - net: hns3: Fix an error macro definition of
        HNS3_TQP_STAT (bsc#1104353).
    
      - net: hns3: Fix an error of total drop packet statistics
        (bsc#1104353).
    
      - net: hns3: Fix a response data read error of tqp
        statistics query (bsc#1104353).
    
      - net: hns3: fix endian issue when PF get mbx message flag
        (bsc#1104353).
    
      - net: hns3: fix error type definition of return value
        (bsc#1104353).
    
      - net: hns3: Fixes API to fetch ethernet header length
        with kernel default (bsc#1104353).
    
      - net: hns3: Fixes error reported by Kbuild and internal
        review (bsc#1104353).
    
      - net: hns3: Fixes initalization of RoCE handle and makes
        it conditional (bsc#1104353).
    
      - net: hns3: Fixes initialization of phy address from
        firmware (bsc#1104353).
    
      - net: hns3: Fixes kernel panic issue during rmmod hns3
        driver (bsc#1104353).
    
      - net: hns3: Fixes ring-to-vector map-and-unmap command
        (bsc#1104353).
    
      - net: hns3: Fixes the back pressure setting when sriov is
        enabled (bsc#1104353).
    
      - net: hns3: Fixes the command used to unmap ring from
        vector (bsc#1104353).
    
      - net: hns3: Fixes the default VLAN-id of PF (bsc#1104353
        ).
    
      - net: hns3: Fixes the error legs in hclge_init_ae_dev
        function (bsc#1104353).
    
      - net: hns3: Fixes the ether address copy with appropriate
        API (bsc#1104353).
    
      - net: hns3: Fixes the initialization of MAC address in
        hardware (bsc#1104353).
    
      - net: hns3: Fixes the init of the VALID BD info in the
        descriptor (bsc#1104353).
    
      - net: hns3: Fixes the missing PCI iounmap for various
        legs (bsc#1104353).
    
      - net: hns3: Fixes the missing u64_stats_fetch_begin_irq
        in 64-bit stats fetch (bsc#1104353).
    
      - net: hns3: Fixes the out of bounds access in
        hclge_map_tqp (bsc#1104353).
    
      - net: hns3: Fixes the premature exit of loop when
        matching clients (bsc#1104353).
    
      - net: hns3: fixes the ring index in hns3_fini_ring
        (bsc#1104353 ).
    
      - net: hns3: Fixes the state to indicate client-type
        initialization (bsc#1104353).
    
      - net: hns3: Fixes the static checker error warning in
        hns3_get_link_ksettings() (bsc#1104353).
    
      - net: hns3: Fixes the static check warning due to missing
        unsupp L3 proto check (bsc#1104353).
    
      - net: hns3: Fixes the wrong IS_ERR check on the returned
        phydev value (bsc#1104353).
    
      - net: hns3: fix for buffer overflow smatch warning
        (bsc#1104353 ).
    
      - net: hns3: fix for changing MTU (bsc#1104353).
    
      - net: hns3: fix for cleaning ring problem (bsc#1104353 ).
    
      - net: hns3: Fix for CMDQ and Misc. interrupt init order
        problem (bsc#1104353).
    
      - net: hns3: fix for coal configuation lost when setting
        the channel (bsc#1104353).
    
      - net: hns3: fix for coalesce configuration lost during
        reset (bsc#1104353).
    
      - net: hns3: Fix for deadlock problem occurring when
        unregistering ae_algo (bsc#1104353).
    
      - net: hns3: Fix for DEFAULT_DV when dev does not support
        DCB (bsc#1104353).
    
      - net: hns3: Fix for fiber link up problem (bsc#1104353 ).
    
      - net: hns3: fix for getting advertised_caps in
        hns3_get_link_ksettings (bsc#1104353).
    
      - net: hns3: fix for getting autoneg in
        hns3_get_link_ksettings (bsc#1104353).
    
      - net: hns3: fix for getting auto-negotiation state in
        hclge_get_autoneg (bsc#1104353).
    
      - net: hns3: fix for getting wrong link mode problem
        (bsc#1104353 ).
    
      - net: hns3: Fix for hclge_reset running repeatly problem
        (bsc#1104353).
    
      - net: hns3: Fix for hns3 module is loaded multiple times
        problem (bsc#1104353).
    
      - net: hns3: fix for ipv6 address loss problem after
        setting channels (bsc#1104353).
    
      - net: hns3: fix for loopback failure when vlan filter is
        enable (bsc#1104353).
    
      - net: hns3: fix for netdev not running problem after
        calling net_stop and net_open (bsc#1104353).
    
      - net: hns3: Fix for netdev not running problem after
        calling net_stop and net_open (bsc#1104353).
    
      - net: hns3: fix for not initializing VF rss_hash_key
        problem (bsc#1104353).
    
      - net: hns3: fix for not returning problem in
        get_link_ksettings when phy exists (bsc#1104353).
    
      - net: hns3: fix for not setting pause parameters
        (bsc#1104353 ).
    
      - net: hns3: Fix for not setting rx private buffer size to
        zero (bsc#1104353).
    
      - net: hns3: Fix for packet loss due wrong filter config
        in VLAN tbls (bsc#1104353).
    
      - net: hns3: fix for pause configuration lost during reset
        (bsc#1104353).
    
      - net: hns3: Fix for PF mailbox receving unknown message
        (bsc#1104353).
    
      - net: hns3: fix for phy_addr error in
        hclge_mac_mdio_config (bsc#1104353).
    
      - net: hns3: Fix for phy not link up problem after
        resetting (bsc#1104353).
    
      - net: hns3: Fix for pri to tc mapping in TM (bsc#1104353
        ).
    
      - net: hns3: fix for returning wrong value problem in
        hns3_get_rss_indir_size (bsc#1104353).
    
      - net: hns3: fix for returning wrong value problem in
        hns3_get_rss_key_size (bsc#1104353).
    
      - net: hns3: fix for RSS configuration loss problem during
        reset (bsc#1104353).
    
      - net: hns3: Fix for rx priv buf allocation when DCB is
        not supported (bsc#1104353).
    
      - net: hns3: Fix for rx_priv_buf_alloc not setting rx
        shared buffer (bsc#1104353).
    
      - net: hns3: Fix for service_task not running problem
        after resetting (bsc#1104353).
    
      - net: hns3: Fix for setting mac address when resetting
        (bsc#1104353).
    
      - net: hns3: fix for setting MTU (bsc#1104353).
    
      - net: hns3: Fix for setting rss_size incorrectly
        (bsc#1104353 ).
    
      - net: hns3: Fix for the NULL pointer problem occurring
        when initializing ae_dev failed (bsc#1104353).
    
      - net: hns3: fix for the wrong shift problem in
        hns3_set_txbd_baseinfo (bsc#1104353).
    
      - net: hns3: fix for updating fc_mode_last_time
        (bsc#1104353 ).
    
      - net: hns3: fix for use-after-free when setting ring
        parameter (bsc#1104353).
    
      - net: hns3: Fix for VF mailbox cannot receiving PF
        response (bsc#1104353).
    
      - net: hns3: Fix for VF mailbox receiving unknown message
        (bsc#1104353).
    
      - net: hns3: fix for vlan table lost problem when
        resetting (bsc#1104353).
    
      - net: hns3: Fix for vxlan tx checksum bug (bsc#1104353 ).
    
      - net: hns3: Fix initialization when cmd is not supported
        (bsc#1104353).
    
      - net: hns3: fix length overflow when
        CONFIG_ARM64_64K_PAGES (bsc#1104353).
    
      - net: hns3: fix NULL pointer dereference before null
        check (bsc#1104353).
    
      - net: hns3: fix return value error of
        hclge_get_mac_vlan_cmd_status() (bsc#1104353).
    
      - net: hns3: fix rx path skb->truesize reporting bug
        (bsc#1104353 ).
    
      - net: hns3: Fix setting mac address error (bsc#1104353 ).
    
      - net: hns3: Fix spelling errors (bsc#1104353).
    
      - net: hns3: fix spelling mistake: 'capabilty' ->
        'capability' (bsc#1104353).
    
      - net: hns3: fix the bug of hns3_set_txbd_baseinfo
        (bsc#1104353 ).
    
      - net: hns3: fix the bug when map buffer fail (bsc#1104353
        ).
    
      - net: hns3: fix the bug when reuse command description in
        hclge_add_mac_vlan_tbl (bsc#1104353).
    
      - net: hns3: Fix the missing client list node
        initialization (bsc#1104353).
    
      - net: hns3: fix the ops check in hns3_get_rxnfc
        (bsc#1104353 ).
    
      - net: hns3: fix the queue id for tqp enable&&reset
        (bsc#1104353 ).
    
      - net: hns3: fix the ring count for ETHTOOL_GRXRINGS
        (bsc#1104353 ).
    
      - net: hns3: fix the TX/RX ring.queue_index in
        hns3_ring_get_cfg (bsc#1104353).
    
      - net: hns3: fix the VF queue reset flow error
        (bsc#1104353 ).
    
      - net: hns3: fix to correctly fetch l4 protocol outer
        header (bsc#1104353).
    
      - net: hns3: Fix to support autoneg only for port attached
        with phy (bsc#1104353).
    
      - net: hns3: Fix typo error for feild in hclge_tm
        (bsc#1104353 ).
    
      - net: hns3: free the ring_data structrue when change tqps
        (bsc#1104353).
    
      - net: hns3: get rss_size_max from configuration but not
        hardcode (bsc#1104353).
    
      - net: hns3: get vf count by pci_sriov_get_totalvfs
        (bsc#1104353 ).
    
      - net: hns3: hclge_inform_reset_assert_to_vf() can be
        static (bsc#1104353).
    
      - net: hns3: hns3:fix a bug about statistic counter in
        reset process (bsc#1104353).
    
      - net: hns3: hns3_get_channels() can be static
        (bsc#1104353 ).
    
      - net: hns3: Increase the default depth of bucket for TM
        shaper (bsc#1104353).
    
      - net: hns3: increase the max time for IMP handle command
        (bsc#1104353).
    
      - net: hns3: make local functions static (bsc#1104353 ).
    
      - net: hns3: Mask the packet statistics query when NIC is
        down (bsc#1104353).
    
      - net: hns3: Modify the update period of packet statistics
        (bsc#1104353).
    
      - net: hns3: never send command queue message to IMP when
        reset (bsc#1104353).
    
      - net: hns3: Optimize PF CMDQ interrupt switching process
        (bsc#1104353).
    
      - net: hns3: Optimize the PF's process of updating
        multicast MAC (bsc#1104353).
    
      - net: hns3: Optimize the VF's process of updating
        multicast MAC (bsc#1104353).
    
      - net: hns3: reallocate tx/rx buffer after changing mtu
        (bsc#1104353).
    
      - net: hns3: refactor GL update function (bsc#1104353 ).
    
      - net: hns3: refactor interrupt coalescing init function
        (bsc#1104353).
    
      - net: hns3: Refactor mac_init function (bsc#1104353).
    
      - net: hns3: Refactor of the reset interrupt handling
        logic (bsc#1104353).
    
      - net: hns3: Refactors the requested reset & pending reset
        handling code (bsc#1104353).
    
      - net: hns3: refactor the coalesce related struct
        (bsc#1104353 ).
    
      - net: hns3: refactor the get/put_vector function
        (bsc#1104353 ).
    
      - net: hns3: refactor the hclge_get/set_rss function
        (bsc#1104353 ).
    
      - net: hns3: refactor the hclge_get/set_rss_tuple function
        (bsc#1104353).
    
      - net: hns3: Refactor the initialization of command queue
        (bsc#1104353).
    
      - net: hns3: refactor the loopback related function
        (bsc#1104353 ).
    
      - net: hns3: Refactor the mapping of tqp to vport
        (bsc#1104353 ).
    
      - net: hns3: Refactor the skb receiving and transmitting
        function (bsc#1104353).
    
      - net: hns3: remove a couple of redundant assignments
        (bsc#1104353 ).
    
      - net: hns3: remove add/del_tunnel_udp in hns3_enet module
        (bsc#1104353).
    
      - net: hns3: Remove a useless member of struct hns3_stats
        (bsc#1104353).
    
      - net: hns3: Remove error log when getting pfc stats fails
        (bsc#1104353).
    
      - net: hns3: Remove packet statistics in the range of
        8192~12287 (bsc#1104353).
    
      - net: hns3: remove redundant memset when alloc buffer
        (bsc#1104353).
    
      - net: hns3: remove redundant semicolon (bsc#1104353).
    
      - net: hns3: Remove repeat statistic of rx_errors
        (bsc#1104353 ).
    
      - net: hns3: Removes unnecessary check when clearing TX/RX
        rings (bsc#1104353).
    
      - net: hns3: remove TSO config command from VF driver
        (bsc#1104353 ).
    
      - net: hns3: remove unnecessary pci_set_drvdata() and
        devm_kfree() (bsc#1104353).
    
      - net: hns3: remove unused GL setup function (bsc#1104353
        ).
    
      - net: hns3: remove unused hclgevf_cfg_func_mta_filter
        (bsc#1104353).
    
      - net: hns3: Remove unused led control code (bsc#1104353
        ).
    
      - net: hns3: report the function type the same line with
        hns3_nic_get_stats64 (bsc#1104353).
    
      - net: hns3: set the cmdq out_vld bit to 0 after used
        (bsc#1104353 ).
    
      - net: hns3: set the max ring num when alloc netdev
        (bsc#1104353 ).
    
      - net: hns3: Setting for fc_mode and dcb enable flag in TM
        module (bsc#1104353).
    
      - net: hns3: Support for dynamically assigning tx buffer
        to TC (bsc#1104353).
    
      - net: hns3: Unified HNS3 (VF|PF) Ethernet Driver for
        hip08 SoC (bsc#1104353).
    
      - net: hns3: unify the pause params setup function
        (bsc#1104353 ).
    
      - net: hns3: Unify the strings display of packet
        statistics (bsc#1104353).
    
      - net: hns3: Updates MSI/MSI-X alloc/free APIs(depricated)
        to new APIs (bsc#1104353).
    
      - net: hns3: Updates RX packet info fetch in case of multi
        BD (bsc#1104353).
    
      - net: hns3: Use enums instead of magic number in
        hclge_is_special_opcode (bsc#1104353).
    
      - net: hns3: VF should get the real rss_size instead of
        rss_size_max (bsc#1104353).
    
      - net: lan78xx: Fix race in tx pending skb size
        calculation (bsc#1100132).
    
      - net: lan78xx: fix rx handling before first packet is
        send (bsc#1100132).
    
      - net: qmi_wwan: add BroadMobi BM806U 2020:2033
        (bsc#1087092).
    
      - net: qmi_wwan: Add Netgear Aircard 779S (bsc#1090888).
    
      - net-usb: add qmi_wwan if on lte modem wistron neweb
        d18q1 (bsc#1087092).
    
      - net: usb: asix: replace mii_nway_restart in resume path
        (bsc#1100132).
    
      - orangefs: report attributes_mask and attributes for
        statx (bsc#1101832).
    
      - orangefs: set i_size on new symlink (bsc#1101845).
    
      - overflow.h: Add allocation size calculation helpers
        (bsc#1101116,).
    
      - powerpc/64: Add GENERIC_CPU support for little endian
        ().
    
      - powerpc/fadump: handle crash memory ranges array index
        overflow (bsc#1103269).
    
      - powerpc/fadump: merge adjacent memory ranges to reduce
        PT_LOAD segements (bsc#1103269).
    
      - powerpc/pkeys: Deny read/write/execute by default
        (bsc#1097577).
    
      - powerpc/pkeys: Fix calculation of total pkeys
        (bsc#1097577).
    
      - powerpc/pkeys: Give all threads control of their key
        permissions (bsc#1097577).
    
      - powerpc/pkeys: key allocation/deallocation must not
        change pkey registers (bsc#1097577).
    
      - powerpc/pkeys: make protection key 0 less special
        (bsc#1097577).
    
      - powerpc/pkeys: Preallocate execute-only key
        (bsc#1097577).
    
      - powerpc/pkeys: Save the pkey registers before fork
        (bsc#1097577).
    
      - qed*: Add link change count value to ethtool statistics
        display (bsc#1086314).
    
      - qed: Add qed APIs for PHY module query (bsc#1086314 ).
    
      - qed: Add srq core support for RoCE and iWARP
        (bsc#1086314 ).
    
      - qede: Add driver callbacks for eeprom module query
        (bsc#1086314 ).
    
      - qedf: Add get_generic_tlv_data handler (bsc#1086317).
    
      - qedf: Add support for populating ethernet TLVs
        (bsc#1086317).
    
      - qed: fix spelling mistake 'successffuly' ->
        'successfully' (bsc#1086314).
    
      - qedi: Add get_generic_tlv_data handler (bsc#1086315).
    
      - qedi: Add support for populating ethernet TLVs
        (bsc#1086315).
    
      - qed: Make some functions static (bsc#1086314).
    
      - qed: remove redundant functions qed_get_cm_pq_idx_rl
        (bsc#1086314).
    
      - qed: remove redundant functions
        qed_set_gft_event_id_cm_hdr (bsc#1086314).
    
      - qed: remove redundant pointer 'name' (bsc#1086314).
    
      - qed: use dma_zalloc_coherent instead of allocator/memset
        (bsc#1086314).
    
      - qed*: Utilize FW 8.37.2.0 (bsc#1086314).
    
      - rdma/hns: Add 64KB page size support for hip08
        (bsc#1104427 ).
    
      - rdma/hns: Add command queue support for hip08 RoCE
        driver (bsc#1104427).
    
      - rdma/hns: Add CQ operations support for hip08 RoCE
        driver (bsc#1104427).
    
      - rdma/hns: Add detailed comments for mb() call
        (bsc#1104427 ).
    
      - rdma/hns: Add eq support of hip08 (bsc#1104427).
    
      - rdma/hns: Add gsi qp support for modifying qp in hip08
        (bsc#1104427).
    
      - rdma/hns: Add mailbox's implementation for hip08 RoCE
        driver (bsc#1104427).
    
      - rdma/hns: Add modify CQ support for hip08 (bsc#1104427
        ).
    
      - rdma/hns: Add names to function arguments in function
        pointers (bsc#1104427).
    
      - rdma/hns: Add profile support for hip08 driver
        (bsc#1104427 ).
    
      - rdma/hns: Add QP operations support for hip08 SoC
        (bsc#1104427 ).
    
      - rdma/hns: Add releasing resource operation in error
        branch (bsc#1104427).
    
      - rdma/hns: Add rereg mr support for hip08 (bsc#1104427 ).
    
      - rdma/hns: Add reset process for RoCE in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Add return operation when configured global
        param fail (bsc#1104427).
    
      - rdma/hns: Add rq inline data support for hip08 RoCE
        (bsc#1104427 ).
    
      - rdma/hns: Add rq inline flags judgement (bsc#1104427 ).
    
      - rdma/hns: Add sq_invld_flg field in QP context
        (bsc#1104427 ).
    
      - rdma/hns: Add support for processing send wr and receive
        wr (bsc#1104427).
    
      - rdma/hns: Add the interfaces to support multi hop
        addressing for the contexts in hip08 (bsc#1104427).
    
      - rdma/hns: Adjust the order of cleanup hem table
        (bsc#1104427 ).
    
      - rdma/hns: Assign dest_qp when deregistering mr
        (bsc#1104427 ).
    
      - rdma/hns: Assign the correct value for tx_cqn
        (bsc#1104427 ).
    
      - rdma/hns: Assign zero for pkey_index of wc in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Avoid NULL pointer exception (bsc#1104427 ).
    
      - rdma/hns: Bugfix for cq record db for kernel
        (bsc#1104427 ).
    
      - rdma/hns: Bugfix for init hem table (bsc#1104427).
    
      - rdma/hns: Bugfix for rq record db for kernel
        (bsc#1104427 ).
    
      - rdma/hns: Check return value of kzalloc (bsc#1104427 ).
    
      - rdma/hns: Configure BT BA and BT attribute for the
        contexts in hip08 (bsc#1104427).
    
      - rdma/hns: Configure fence attribute in hip08 RoCE
        (bsc#1104427 ).
    
      - rdma/hns: Configure mac&gid and user access region for
        hip08 RoCE driver (bsc#1104427).
    
      - rdma/hns: Configure sgid type for hip08 RoCE
        (bsc#1104427 ).
    
      - rdma/hns: Configure the MTPT in hip08 (bsc#1104427).
    
      - rdma/hns: Configure TRRL field in hip08 RoCE device
        (bsc#1104427 ).
    
      - rdma/hns: Create gsi qp in hip08 (bsc#1104427).
    
      - rdma/hns: Delete the unnecessary initializing enum to
        zero (bsc#1104427).
    
      - rdma/hns: Do not unregister a callback we didn't
        register (bsc#1104427).
    
      - rdma/hns: Drop local zgid in favor of core defined
        variable (bsc#1104427).
    
      - rdma/hns: Enable inner_pa_vld filed of mpt (bsc#1104427
        ).
    
      - rdma/hns: Enable the cqe field of sqwqe of RC
        (bsc#1104427 ).
    
      - rdma/hns: ensure for-loop actually iterates and free's
        buffers (bsc#1104427).
    
      - rdma/hns: Fill sq wqe context of ud type in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Filter for zero length of sge in hip08 kernel
        mode (bsc#1104427).
    
      - rdma/hns: Fix a bug with modifying mac address
        (bsc#1104427 ).
    
      - rdma/hns: Fix a couple misspellings (bsc#1104427).
    
      - rdma/hns: Fix calltrace for sleeping in atomic
        (bsc#1104427 ).
    
      - rdma/hns: Fix cqn type and init resp (bsc#1104427).
    
      - rdma/hns: Fix cq record doorbell enable in kernel
        (bsc#1104427 ).
    
      - rdma/hns: Fix endian problems around imm_data and rkey
        (bsc#1104427).
    
      - rdma/hns: Fix inconsistent warning (bsc#1104427).
    
      - rdma/hns: Fix init resp when alloc ucontext (bsc#1104427
        ).
    
      - rdma/hns: Fix misplaced call to
        hns_roce_cleanup_hem_table (bsc#1104427).
    
      - rdma/hns: Fix QP state judgement before receiving work
        requests (bsc#1104427).
    
      - rdma/hns: Fix QP state judgement before sending work
        requests (bsc#1104427).
    
      - rdma/hns: fix spelling mistake: 'Reseved' -> 'Reserved'
        (bsc#1104427).
    
      - rdma/hns: Fix the bug with NULL pointer (bsc#1104427 ).
    
      - rdma/hns: Fix the bug with rq sge (bsc#1104427).
    
      - rdma/hns: Fix the endian problem for hns (bsc#1104427 ).
    
      - rdma/hns: Fix the illegal memory operation when cross
        page (bsc#1104427).
    
      - rdma/hns: Fix the issue of IOVA not page continuous in
        hip08 (bsc#1104427).
    
      - rdma/hns: Fix the qp context state diagram (bsc#1104427
        ).
    
      - rdma/hns: Generate gid type of RoCEv2 (bsc#1104427).
    
      - rdma/hns: Get rid of page operation after
        dma_alloc_coherent (bsc#1104427).
    
      - rdma/hns: Get rid of virt_to_page and vmap calls after
        dma_alloc_coherent (bsc#1104427).
    
      - rdma/hns: Implement the disassociate_ucontext API
        (bsc#1104427 ).
    
      - rdma/hns: Increase checking CMQ status timeout value
        (bsc#1104427).
    
      - rdma/hns: Initialize the PCI device for hip08 RoCE
        (bsc#1104427 ).
    
      - rdma/hns: Intercept illegal RDMA operation when use
        inline data (bsc#1104427).
    
      - rdma/hns: Load the RoCE dirver automatically
        (bsc#1104427 ).
    
      - rdma/hns: make various function static, fixes warnings
        (bsc#1104427).
    
      - rdma/hns: Modify assignment device variable to support
        both PCI device and platform device (bsc#1104427).
    
      - rdma/hns: Modify the usage of cmd_sn in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Modify the value with rd&dest_rd of qp_attr
        (bsc#1104427).
    
      - rdma/hns: Modify uar allocation algorithm to avoid
        bitmap exhaust (bsc#1104427).
    
      - rdma/hns: Move priv in order to add multiple hns_roce
        support (bsc#1104427).
    
      - rdma/hns: Move the location for initializing tmp_len
        (bsc#1104427).
    
      - rdma/hns: Not support qp transition from reset to reset
        for hip06 (bsc#1104427).
    
      - rdma/hns: Only assign dest_qp if IB_QP_DEST_QPN bit is
        set (bsc#1104427).
    
      - rdma/hns: Only assign dqpn if IB_QP_PATH_DEST_QPN bit is
        set (bsc#1104427).
    
      - rdma/hns: Only assign mtu if IB_QP_PATH_MTU bit is set
        (bsc#1104427).
    
      - rdma/hns: Refactor code for readability (bsc#1104427 ).
    
      - rdma/hns: Refactor eq code for hip06 (bsc#1104427).
    
      - rdma/hns: remove redundant assignment to variable j
        (bsc#1104427 ).
    
      - rdma/hns: Remove some unnecessary attr_mask judgement
        (bsc#1104427).
    
      - rdma/hns: Remove unnecessary operator (bsc#1104427).
    
      - rdma/hns: Remove unnecessary platform_get_resource()
        error check (bsc#1104427).
    
      - rdma/hns: Rename the idx field of db (bsc#1104427).
    
      - rdma/hns: Replace condition statement using hardware
        version information (bsc#1104427).
    
      - rdma/hns: Replace __raw_write*(cpu_to_le*()) with LE
        write*() (bsc#1104427).
    
      - rdma/hns: return 0 rather than return a garbage status
        value (bsc#1104427).
    
      - rdma/hns_roce: Do not check return value of
        zap_vma_ptes() (bsc#1104427).
    
      - rdma/hns: Set access flags of hip08 RoCE (bsc#1104427 ).
    
      - rdma/hns: Set desc_dma_addr for zero when free cmq desc
        (bsc#1104427).
    
      - rdma/hns: Set NULL for __internal_mr (bsc#1104427).
    
      - rdma/hns: Set rdma_ah_attr type for querying qp
        (bsc#1104427 ).
    
      - rdma/hns: Set se attribute of sqwqe in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Set sq_cur_sge_blk_addr field in QPC in hip08
        (bsc#1104427).
    
      - rdma/hns: Set the guid for hip08 RoCE device
        (bsc#1104427 ).
    
      - rdma/hns: Set the owner field of SQWQE in hip08 RoCE
        (bsc#1104427).
    
      - rdma/hns: Split CQE from MTT in hip08 (bsc#1104427).
    
      - rdma/hns: Split hw v1 driver from hns roce driver
        (bsc#1104427 ).
    
      - rdma/hns: Submit bad wr (bsc#1104427).
    
      - rdma/hns: Support cq record doorbell for kernel space
        (bsc#1104427).
    
      - rdma/hns: Support cq record doorbell for the user space
        (bsc#1104427).
    
      - rdma/hns: Support multi hop addressing for PBL in hip08
        (bsc#1104427).
    
      - rdma/hns: Support rq record doorbell for kernel space
        (bsc#1104427).
    
      - rdma/hns: Support rq record doorbell for the user space
        (bsc#1104427).
    
      - rdma/hns: Support WQE/CQE/PBL page size configurable
        feature in hip08 (bsc#1104427).
    
      - rdma/hns: Unify the calculation for hem index in hip08
        (bsc#1104427).
    
      - rdma/hns: Update assignment method for owner field of
        send wqe (bsc#1104427).
    
      - rdma/hns: Update calculation of irrl_ba field for hip08
        (bsc#1104427).
    
      - rdma/hns: Update convert function of endian format
        (bsc#1104427 ).
    
      - rdma/hns: Update the interfaces for MTT/CQE multi hop
        addressing in hip08 (bsc#1104427).
    
      - rdma/hns: Update the IRRL table chunk size in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Update the PD&CQE&MTT specification in hip08
        (bsc#1104427).
    
      - rdma/hns: Update the usage of ack timeout in hip08
        (bsc#1104427 ).
    
      - rdma/hns: Update the usage of sr_max and rr_max field
        (bsc#1104427).
    
      - rdma/hns: Update the verbs of polling for completion
        (bsc#1104427).
    
      - rdma/hns: Use free_pages function instead of free_page
        (bsc#1104427).
    
      - rdma/hns: Use structs to describe the uABI instead of
        opencoding (bsc#1104427).
    
      - rdma/qedr: Fix NULL pointer dereference when running
        over iWARP without RDMA-CM (bsc#1086314).
    
      - rdma/qedr: fix spelling mistake: 'adrresses' ->
        'addresses' (bsc#1086314).
    
      - rdma/qedr: fix spelling mistake: 'failes' -> 'fails'
        (bsc#1086314).
    
      - reiserfs: fix buffer overflow with long warning messages
        (bsc#1101847).
    
      -
        reiserfs-fix-buffer-overflow-with-long-warning-messa.pat
        ch: Silence bogus compiler warning about unused result
        of strscpy().
    
      - s390/dasd: configurable IFCC handling (bsc#1097808).
    
      - sched/smt: Update sched_smt_present at runtime
        (bsc#1089343).
    
      - scsi: mpt3sas: Add an I/O barrier (bsc#1086906,).
    
      - scsi: mpt3sas: Added support for SAS Device Discovery
        Error Event (bsc#1086906,).
    
      - scsi: mpt3sas: Add PCI device ID for Andromeda
        (bsc#1086906,).
    
      - scsi: mpt3sas: Allow processing of events during driver
        unload (bsc#1086906,).
    
      - scsi: mpt3sas: As per MPI-spec, use combined reply queue
        for SAS3.5 controllers when HBA supports more than 16
        MSI-x vectors (bsc#1086906,).
    
      - scsi: mpt3sas: Bug fix for big endian systems
        (bsc#1086906,).
    
      - scsi: mpt3sas: Cache enclosure pages during enclosure
        add (bsc#1086906,).
    
      - scsi: mpt3sas: clarify mmio pointer types
        (bsc#1086906,).
    
      - scsi: mpt3sas: Configure reply post queue depth, DMA and
        sgl tablesize (bsc#1086906,).
    
      - scsi: mpt3sas: Do not abort I/Os issued to NVMe drives
        while processing Async Broadcast primitive event
        (bsc#1086906,).
    
      - scsi: mpt3sas: Do not access the structure after
        decrementing it's instance reference count
        (bsc#1086906,).
    
      - scsi: mpt3sas: Do not mark fw_event workqueue as
        WQ_MEM_RECLAIM (bsc#1086906,).
    
      - scsi: mpt3sas: Enhanced handling of Sense Buffer
        (bsc#1086906,).
    
      - scsi: mpt3sas: Fix, False timeout prints for ioctl and
        other internal commands during controller reset
        (bsc#1086906,).
    
      - scsi: mpt3sas: fix possible memory leak (bsc#1086906,).
    
      - scsi: mpt3sas: fix spelling mistake: 'disbale' ->
        'disable' (bsc#1086906,).
    
      - scsi: mpt3sas: For NVME device, issue a protocol level
        reset (bsc#1086906,).
    
      - scsi: mpt3sas: Incorrect command status was set/marked
        as not used (bsc#1086906,).
    
      - scsi: mpt3sas: Increase event log buffer to support 24
        port HBA's (bsc#1086906,).
    
      - scsi: mpt3sas: Introduce API to get BAR0 mapped buffer
        address (bsc#1086906,).
    
      - scsi: mpt3sas: Introduce Base function for cloning
        (bsc#1086906,).
    
      - scsi: mpt3sas: Introduce function to clone mpi reply
        (bsc#1086906,).
    
      - scsi: mpt3sas: Introduce function to clone mpi request
        (bsc#1086906,).
    
      - scsi: mpt3sas: Lockless access for chain buffers
        (bsc#1086906,).
    
      - scsi: mpt3sas: Optimize I/O memory consumption in driver
        (bsc#1086906,).
    
      - scsi: mpt3sas: Pre-allocate RDPQ Array at driver boot
        time (bsc#1086906,).
    
      - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). -
        Refresh
        patches.drivers/scsi-mpt3sas-SGL-to-PRP-Translation-for-
        I-Os-to-NVMe.patch.
    
      - scsi: mpt3sas: Report Firmware Package Version from HBA
        Driver (bsc#1086906,).
    
      - scsi: mpt3sas: Update driver version '25.100.00.00'
        (bsc#1086906,).
    
      - scsi: mpt3sas: Update driver version '26.100.00.00'
        (bsc#1086906,).
    
      - scsi: mpt3sas: Update MPI Headers (bsc#1086906,).
    
      - scsi: qedf: Add additional checks when restarting an
        rport due to ABTS timeout (bsc#1086317).
    
      - scsi: qedf: Add check for offload before flushing I/Os
        for target (bsc#1086317).
    
      - scsi: qedf: Add dcbx_not_wait module parameter so we
        won't wait for DCBX convergence to start discovery
        (bsc#1086317).
    
      - scsi: qedf: Add missing skb frees in error path
        (bsc#1086317).
    
      - scsi: qedf: Add more defensive checks for concurrent
        error conditions (bsc#1086317).
    
      - scsi: qedf: Add task id to kref_get_unless_zero() debug
        messages when flushing requests (bsc#1086317).
    
      - scsi: qedf: Check if link is already up when receiving a
        link up event from qed (bsc#1086317).
    
      - scsi: qedf: fix LTO-enabled build (bsc#1086317).
    
      - scsi: qedf: Fix VLAN display when printing sent FIP
        frames (bsc#1086317).
    
      - scsi: qedf: Honor default_prio module parameter even if
        DCBX does not converge (bsc#1086317).
    
      - scsi: qedf: Honor priority from DCBX FCoE App tag
        (bsc#1086317).
    
      - scsi: qedf: If qed fails to enable MSI-X fail PCI probe
        (bsc#1086317).
    
      - scsi: qedf: Improve firmware debug dump handling
        (bsc#1086317).
    
      - scsi: qedf: Increase the number of default FIP VLAN
        request retries to 60 (bsc#1086317).
    
      - scsi: qedf: Release RRQ reference correctly when RRQ
        command times out (bsc#1086317).
    
      - scsi: qedf: remove redundant initialization of 'fcport'
        (bsc#1086317).
    
      - scsi: qedf: Remove setting DCBX pending during soft
        context reset (bsc#1086317).
    
      - scsi: qedf: Return request as DID_NO_CONNECT if MSI-X is
        not enabled (bsc#1086317).
    
      - scsi: qedf: Sanity check FCoE/FIP priority value to make
        sure it's between 0 and 7 (bsc#1086317).
    
      - scsi: qedf: Send the driver state to MFW (bsc#1086317).
    
      - scsi: qedf: Set the UNLOADING flag when removing a vport
        (bsc#1086317).
    
      - scsi: qedf: Synchronize rport restarts when multiple ELS
        commands time out (bsc#1086317).
    
      - scsi: qedf: Update copyright for 2018 (bsc#1086317).
    
      - scsi: qedf: Update version number to 8.33.16.20
        (bsc#1086317).
    
      - scsi: qedf: use correct strncpy() size (bsc#1086317).
    
      - scsi: qedi: fix building with LTO (bsc#1086315).
    
      - scsi: qedi: fix build regression (bsc#1086315).
    
      - scsi: qedi: Fix kernel crash during port toggle
        (bsc#1086315).
    
      - scsi: qedi: Send driver state to MFW (bsc#1086315).
    
      - scsi: qla2xxx: correctly shift host byte (bsc#1086327,).
    
      - scsi: qla2xxx: Correct setting of
        SAM_STAT_CHECK_CONDITION (bsc#1086327,).
    
      - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command
        (bsc#1086327,).
    
      - scsi: qla2xxx: Fix Inquiry command being dropped in
        Target mode (bsc#1086327,).
    
      - scsi: qla2xxx: Fix race condition between iocb timeout
        and initialisation (bsc#1086327,).
    
      - scsi: qla2xxx: Fix Rport and session state getting out
        of sync (bsc#1086327,).
    
      - scsi: qla2xxx: Fix sending ADISC command for login
        (bsc#1086327,).
    
      - scsi: qla2xxx: Fix setting lower transfer speed if GPSC
        fails (bsc#1086327,).
    
      - scsi: qla2xxx: Fix TMF and Multi-Queue config
        (bsc#1086327,).
    
      - scsi: qla2xxx: Move GPSC and GFPNID out of session
        management (bsc#1086327,).
    
      - scsi: qla2xxx: Prevent relogin loop by removing stale
        code (bsc#1086327,).
    
      - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs
        (bsc#1086327,).
    
      - scsi: qla2xxx: remove irq save in qla2x00_poll()
        (bsc#1086327,).
    
      - scsi: qla2xxx: Remove stale debug value for login_retry
        flag (bsc#1086327,).
    
      - scsi: qla2xxx: Update driver version to 10.00.00.07-k
        (bsc#1086327,).
    
      - scsi: qla2xxx: Use predefined get_datalen_for_atio()
        inline function (bsc#1086327,).
    
      - scsi: qla4xxx: Move an array from a .h into a .c file
        (bsc#1086331).
    
      - scsi: qla4xxx: Remove unused symbols (bsc#1086331).
    
      - scsi: qla4xxx: skip error recovery in case of register
        disconnect (bsc#1086331).
    
      - scsi: qla4xxx: Use dma_pool_zalloc() (bsc#1086331).
    
      - scsi: qla4xxx: Use zeroing allocator rather than
        allocator/memset (bsc#1086331).
    
      - selftests/powerpc: Fix core-pkey for default execute
        permission change (bsc#1097577).
    
      - selftests/powerpc: Fix ptrace-pkey for default execute
        permission change (bsc#1097577).
    
      - supported.conf: add drivers/md/dm-writecache
    
      - supported.conf: added hns3 modules
    
      - supported.conf: added hns-roce-hw-v1 and hns-roce-hw-v2
    
      - supported.conf: Enable HiSi v3 SAS adapter ()
    
      - tcp_rbd depends on BLK_DEV_RBD ().
    
      - typec: tcpm: fusb302: Resolve out of order messaging
        events (bsc#1087092).
    
      - udf: Detect incorrect directory size (bsc#1101891).
    
      - udf: Provide saner default for invalid uid / gid
        (bsc#1101890).
    
      - vfs: add the sb_start_intwrite_trylock() helper
        (bsc#1101841).
    
      - x86/apic: Ignore secondary threads if nosmt=force
        (bsc#1089343).
    
      - x86/CPU/AMD: Do not check CPUID max ext level before
        parsing SMP info (bsc#1089343).
    
      - x86/cpu/AMD: Evaluate smp_num_siblings early
        (bsc#1089343).
    
      - x86/CPU/AMD: Move TOPOEXT reenablement before reading
        smp_num_siblings (bsc#1089343).
    
      - x86/cpu/AMD: Remove the pointless detect_ht() call
        (bsc#1089343).
    
      - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
    
      - x86/cpu/intel: Evaluate smp_num_siblings early
        (bsc#1089343).
    
      - x86/cpu: Remove the pointless CPU printout
        (bsc#1089343).
    
      - x86/cpu/topology: Provide
        detect_extended_topology_early() (bsc#1089343).
    
      - x86/KVM/VMX: Add module argument for L1TF mitigation.
    
      - x86/smp: Provide topology_is_primary_thread()
        (bsc#1089343).
    
      - x86/topology: Provide topology_smt_supported()
        (bsc#1089343).
    
      - x86/xen: init %gs very early to avoid page faults with
        stack protector (bnc#1104777).
    
      - xen-netback: fix input validation in
        xenvif_set_hash_mapping() (bnc#1103277).
    
      - xen/netfront: do not cache skb_shinfo() (bnc#1065600).
    
      - xfs: catch inode allocation state mismatch corruption
        (bsc#1104211).
    
      - xfs: prevent creating negative-sized file via
        INSERT_RANGE (bsc#1101833)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101852"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101867"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102340"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103277"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104777"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10877");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.16.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.16.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1919.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323) - A flaw was found in the Linux kernel
    last seen2020-05-08
    modified2019-09-16
    plugin id128842
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128842
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128842);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-10323",
        "CVE-2018-10879",
        "CVE-2018-10883",
        "CVE-2018-13406",
        "CVE-2018-15594",
        "CVE-2018-16871",
        "CVE-2018-20856",
        "CVE-2019-12378",
        "CVE-2019-12381",
        "CVE-2019-12382",
        "CVE-2019-12614",
        "CVE-2019-13631",
        "CVE-2019-13648",
        "CVE-2019-14283",
        "CVE-2019-14284"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1919)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The xfs_bmap_extents_to_btree function in
        fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through
        4.16.3 allows local users to cause a denial of service
        (xfs_bmapi_write NULL pointer dereference) via a
        crafted xfs image.(CVE-2018-10323)
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service
        or unspecified other impact may occur by renaming a
        file in a crafted ext4 filesystem
        image.(CVE-2018-10879)
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image. (CVE-2018-10883)
    
      - The Linux kernel was found vulnerable to an integer
        overflow in the
        drivers/video/fbdev/uvesafb.c:uvesafb_setcmap()
        function. The vulnerability could result in local
        attackers being able to crash the kernel or potentially
        elevate privileges.(CVE-2018-13406)
    
      - It was found that paravirt_patch_call/jump() functions
        in the arch/x86/kernel/paravirt.c in the Linux kernel
        mishandles certain indirect calls, which makes it
        easier for attackers to conduct Spectre-v2 attacks
        against paravirtualized guests. (CVE-2018-15594)
    
      - A flaw was found in the Linux kernel's NFS
        implementation. An attacker, who is able to mount an
        exported NFS filesystem, is able to trigger a null
        pointer dereference by using an invalid NFS sequence.
        This can panic the machine and deny access to the NFS
        server. Any outstanding disk writes to the NFS server
        will be lost. (CVE-2018-16871)
    
      - A vulnerability was found in the Linux kernelaEURtms
        floppy disk driver implementation. A local attacker
        with access to the floppy device could call
        set_geometry in drivers/block/floppy.c, which does not
        validate the sect and head fields, causing an integer
        overflow and out-of-bounds read. This flaw may crash
        the system or allow an attacker to gather information
        causing subsequent successful attacks. (CVE-2019-14283)
    
      - A vulnerability was found in the Linux kernelaEURtms
        floppy disk driver implementation. A local attacker
        with access to the floppy disk device file (/dev/fd0
        through to /dev/fdN) can create a situation that causes
        the kernel to divide by zero. This requires two
        consecutive ioctl calls to be issued. The first ioctl
        call sets the sector and rate values, and the second
        ioctl is the call to format the floppy disk to the
        appropriate values. This flaw can cause the system to
        divide by zero and panic the host. No media (floppy) is
        required to be inserted for this attack to work
        properly.(CVE-2019-14284)
    
      - In the Linux kernel through 5.2.1 on the powerpc
        platform, when hardware transactional memory is
        disabled, a local user can cause a denial of service
        (TM Bad Thing exception and system crash) via a
        sigreturn() system call that sends a crafted signal
        frame. This affects arch/powerpc/kernel/signal_32.c and
        arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)
    
      - In parse_hid_report_descriptor in
        drivers/input/tablet/gtco.c in the Linux kernel through
        5.2.1, a malicious USB device can send an HID report
        that triggers an out-of-bounds write during generation
        of debugging messages. (CVE-2019-13631)
    
      - An issue was discovered in drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c in the Linux kernel
        through 5.1.5. There is an unchecked kstrdup of fwstr,
        which might allow an attacker to cause a denial of
        service (NULL pointer dereference and system crash).
        NOTE: The vendor disputes this issues as not being a
        vulnerability because kstrdup() returning NULL is
        handled sufficiently and there is no chance for a NULL
        pointer dereference. (CVE-2019-12382)
    
      - An issue was discovered in dlpar_parse_cc_property in
        arch/powerpc/platforms/pseries/dlpar.c in the Linux
        kernel through 5.1.6. There is an unchecked kstrdup of
        prop-i1/4zname, which might allow an attacker to cause a
        denial of service (NULL pointer dereference and system
        crash). (CVE-2019-12614)
    
      - An issue was discovered in the Linux kernel before
        4.18.7. In block/blk-core.c, there is an
        __blk_drain_queue() use-after-free because a certain
        error case is mishandled.(CVE-2018-20856)
    
      - An issue was discovered in ip_ra_control in
        net/ipv4/ip_sockglue.c in the Linux kernel through
        5.1.5. There is an unchecked kmalloc of new_ra, which
        might allow an attacker to cause a denial of service
        (NULL pointer dereference and system crash). NOTE: this
        is disputed because new_ra is never used if it is
        NULL.(CVE-2019-12381)
    
      - An issue was discovered in ip6_ra_control in
        net/ipv6/ipv6_sockglue.c in the Linux kernel through
        5.1.5. There is an unchecked kmalloc of new_ra, which
        might allow an attacker to cause a denial of service
        (NULL pointer dereference and system crash). NOTE: This
        has been disputed as not an issue.(CVE-2019-12378)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1919
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fdbaa67");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-13406");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "kernel-devel-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "kernel-headers-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "kernel-tools-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "kernel-tools-libs-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "perf-3.10.0-862.14.1.2.h239.eulerosv2r7",
            "python-perf-3.10.0-862.14.1.2.h239.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-885.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn
    last seen2020-06-05
    modified2018-08-20
    plugin id111997
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111997
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-885.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111997);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-18344", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14734", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5390", "CVE-2018-5391");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)");
      script_summary(english:"Check for the openSUSE-2018-885 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive
    various security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-18344: The timer_create syscall implementation
        in kernel/time/posix-timers.c didn't properly validate
        the sigevent->sigev_notify field, which leads to
        out-of-bounds access in the show_timer function (called
        when /proc/$PID/timers is read). This allowed userspace
        applications to read arbitrary kernel memory (on a
        kernel built with CONFIG_POSIX_TIMERS and
        CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580).
    
      - CVE-2018-10876: A flaw was found in Linux kernel in the
        ext4 filesystem code. A use-after-free is possible in
        ext4_ext_remove_space() function when mounting and
        operating a crafted ext4 image. (bnc#1099811)
    
      - CVE-2018-10877: Linux kernel ext4 filesystem is
        vulnerable to an out-of-bound access in the
        ext4_ext_drop_refs() function when operating on a
        crafted ext4 filesystem image. (bnc#1099846)
    
      - CVE-2018-10878: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bounds write and a
        denial of service or unspecified other impact is
        possible by mounting and operating a crafted ext4
        filesystem image. (bnc#1099813)
    
      - CVE-2018-10879: A flaw was found in the ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service or
        unspecified other impact may occur by renaming a file in
        a crafted ext4 filesystem image. (bnc#1099844)
    
      - CVE-2018-10880: Linux kernel is vulnerable to a
        stack-out-of-bounds write in the ext4 filesystem code
        when mounting and writing to a crafted ext4 image in
        ext4_update_inline_data(). An attacker could use this to
        cause a system crash and a denial of service.
        (bnc#1099845)
    
      - CVE-2018-10881: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bound access in
        ext4_get_group_info function, a denial of service, and a
        system crash by mounting and operating on a crafted ext4
        filesystem image. (bnc#1099864)
    
      - CVE-2018-10882: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bound write in in
        fs/jbd2/transaction.c code, a denial of service, and a
        system crash by unmounting a crafted ext4 filesystem
        image. (bnc#1099849)
    
      - CVE-2018-10883: A flaw was found in the ext4 filesystem.
        A local user can cause an out-of-bounds write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image. (bnc#1099863)
    
      - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed
        ucma_leave_multicast to access a certain data structure
        after a cleanup step in ucma_process_join, which allowed
        attackers to cause a denial of service (use-after-free)
        (bnc#1103119).
    
      - CVE-2018-3620: Systems with microprocessors utilizing
        speculative execution and address translations may allow
        unauthorized disclosure of information residing in the
        L1 data cache to an attacker with local user access via
        a terminal page fault and a side-channel analysis
        (bnc#1087081 1089343 ).
    
      - CVE-2018-3646: Systems with microprocessors utilizing
        speculative execution and address translations may allow
        unauthorized disclosure of information residing in the
        L1 data cache to an attacker with local user access with
        guest OS privilege via a terminal page fault and a
        side-channel analysis (bnc#1089343 1104365).
    
      - CVE-2018-5390 aka 'SegmentSmack': The Linux kernel could
        be forced to make very expensive calls to
        tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
        every incoming packet which can lead to a denial of
        service (bnc#1102340).
    
      - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP
        packet reassembly could be used by remote attackers to
        consume lots of CPU time (bnc#1103097).
    
    The following non-security bugs were fixed :
    
      - Add support for 5,25,50, and 100G to 802.3ad bonding
        driver (bsc#1096978)
    
      - ahci: Disable LPM on Lenovo 50 series laptops with a too
        old BIOS (bnc#1012382).
    
      - arm64: do not open code page table entry creation
        (bsc#1102197).
    
      - arm64: kpti: Use early_param for kpti= command-line
        option (bsc#1102188).
    
      - arm64: Make sure permission updates happen for pmd/pud
        (bsc#1102197).
    
      - atm: zatm: Fix potential Spectre v1 (bnc#1012382).
    
      - bcm63xx_enet: correct clock usage (bnc#1012382).
    
      - bcm63xx_enet: do not write to random DMA channel on
        BCM6345 (bnc#1012382).
    
      - blkcg: simplify statistic accumulation code
        (bsc#1082979).
    
      - block: copy ioprio in __bio_clone_fast() (bsc#1082653).
    
      - block/swim: Fix array bounds check (bsc#1082979).
    
      - bpf: fix loading of BPF_MAXINSNS sized programs
        (bsc#1012382).
    
      - bpf, x64: fix memleak when not converging after image
        (bsc#1012382).
    
      - btrfs: Do not remove block group still has pinned down
        bytes (bsc#1086457).
    
      - cachefiles: Fix missing clear of the
        CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858).
    
      - cachefiles: Fix refcounting bug in backing-file read
        monitoring (bsc#1099858).
    
      - cachefiles: Wait rather than BUG'ing on 'Unexpected
        object collision' (bsc#1099858).
    
      - cifs: fix bad/NULL ptr dereferencing in
        SMB2_sess_setup() (bsc#1090123).
    
      - compiler, clang: always inline when
        CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382).
    
      - compiler, clang: properly override 'inline' for clang
        (bnc#1012382).
    
      - compiler, clang: suppress warning for unused static
        inline functions (bnc#1012382).
    
      - compiler-gcc.h: Add __attribute__((gnu_inline)) to all
        inline declarations (bnc#1012382).
    
      - cpu/hotplug: Add sysfs state interface (bsc#1089343).
    
      - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
    
      - cpu/hotplug: Split do_cpu_down() (bsc#1089343).
    
      - crypto: crypto4xx - fix crypto4xx_build_pdr,
        crypto4xx_build_sdr leak (bnc#1012382).
    
      - crypto: crypto4xx - remove bad list_del (bnc#1012382).
    
      - dm thin metadata: remove needless work from
        __commit_transaction (bsc#1082979).
    
      - drm/msm: Fix possible null dereference on failure of
        get_pages() (bsc#1102394).
    
      - drm: re-enable error handling (bsc#1103884).
    
      - esp6: fix memleak on error path in esp6_input
        (git-fixes).
    
      - ext4: check for allocation block validity with block
        group locked (bsc#1104495).
    
      - ext4: do not update s_last_mounted of a frozen fs
        (bsc#1101841).
    
      - ext4: factor out helper ext4_sample_last_mounted()
        (bsc#1101841).
    
      - ext4: fix check to prevent initializing reserved inodes
        (bsc#1104319).
    
      - ext4: fix false negatives *and* false positives in
        ext4_check_descriptors() (bsc#1103445).
    
      - ext4: fix inline data updates with checksums enabled
        (bsc#1104494).
    
      - fscache: Allow cancelled operations to be enqueued
        (bsc#1099858).
    
      - fscache: Fix reference overput in
        fscache_attach_object() error handling (bsc#1099858).
    
      - genirq: Make force irq threading setup more robust
        (bsc#1082979).
    
      - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI
        adapter (bnc#1012382).
    
      - ib/isert: fix T10-pi check mask setting (bsc#1082979).
    
      - ibmasm: do not write out of bounds in read handler
        (bnc#1012382).
    
      - ibmvnic: Fix error recovery on login failure
        (bsc#1101789).
    
      - ibmvnic: Remove code to request error information
        (bsc#1104174).
    
      - ibmvnic: Revise RX/TX queue error messages
        (bsc#1101331).
    
      - ibmvnic: Update firmware error reporting with cause
        string (bsc#1104174).
    
      - iw_cxgb4: correctly enforce the max reg_mr depth
        (bnc#1012382).
    
      - kabi protect includes in include/linux/inet.h
        (bsc#1095643).
    
      - kabi protect net/core/utils.c includes (bsc#1095643).
    
      - kABI: protect struct loop_device (kabi).
    
      - kABI: reintroduce __static_cpu_has_safe (kabi).
    
      - Kbuild: fix # escaping in .cmd files for future Make
        (bnc#1012382).
    
      - keys: DNS: fix parsing multiple options (bnc#1012382).
    
      - kvm: arm/arm64: Drop resource size check for GICV window
        (bsc#1102215).
    
      - kvm: arm/arm64: Set dist->spis to NULL after kfree
        (bsc#1102214).
    
      - libata: do not try to pass through NCQ commands to
        non-NCQ devices (bsc#1082979).
    
      - loop: add recursion validation to LOOP_CHANGE_FD
        (bnc#1012382).
    
      - loop: remember whether sysfs_create_group() was done
        (bnc#1012382).
    
      - mmc: dw_mmc: fix card threshold control configuration
        (bsc#1102203).
    
      - mm: check VMA flags to avoid invalid PROT_NONE NUMA
        balancing (bsc#1097771).
    
      - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382).
    
      - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
        (bnc#1012382).
    
      - net: dccp: switch rx_tstamp_last_feedback to monotonic
        clock (bnc#1012382).
    
      - netfilter: ebtables: reject non-bridge targets
        (bnc#1012382).
    
      - netfilter: nf_queue: augment nfqa_cfg_policy
        (bnc#1012382).
    
      - netfilter: x_tables: initialise match/target check
        parameter struct (bnc#1012382).
    
      - net/mlx5: Fix command interface race in polling mode
        (bnc#1012382).
    
      - net/mlx5: Fix incorrect raw command length parsing
        (bnc#1012382).
    
      - net: mvneta: fix the Rx desc DMA address in the Rx path
        (bsc#1102207).
    
      - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned
        NULL (bnc#1012382).
    
      - net: off by one in inet6_pton() (bsc#1095643).
    
      - net: phy: marvell: Use strlcpy() for
        ethtool::get_strings (bsc#1102205).
    
      - net_sched: blackhole: tell upper qdisc about dropped
        packets (bnc#1012382).
    
      - net: sungem: fix rx checksum support (bnc#1012382).
    
      - net/utils: generic inet_pton_with_scope helper
        (bsc#1095643).
    
      - null_blk: use sector_div instead of do_div
        (bsc#1082979).
    
      - nvme-rdma: Check remotely invalidated rkey matches our
        expected rkey (bsc#1092001).
    
      - nvme-rdma: default MR page size to 4k (bsc#1092001).
    
      - nvme-rdma: do not complete requests before a send work
        request has completed (bsc#1092001).
    
      - nvme-rdma: do not suppress send completions
        (bsc#1092001).
    
      - nvme-rdma: Fix command completion race at error recovery
        (bsc#1090435).
    
      - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib
        symmetrical (bsc#1092001).
    
      - nvme-rdma: use inet_pton_with_scope helper
        (bsc#1095643).
    
      - nvme-rdma: Use mr pool (bsc#1092001).
    
      - nvme-rdma: wait for local invalidation before completing
        a request (bsc#1092001).
    
      - ocfs2: subsystem.su_mutex is required while accessing
        the item->ci_parent (bnc#1012382).
    
      - pci: ibmphp: Fix use-before-set in get_max_bus_speed()
        (bsc#1100132).
    
      - perf tools: Move syscall number fallbacks from
        perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382).
    
      - pm / hibernate: Fix oops at snapshot_write()
        (bnc#1012382).
    
      - powerpc/64: Initialise thread_info for emergency stacks
        (bsc#1094244, bsc#1100930, bsc#1102683).
    
      - powerpc/fadump: handle crash memory ranges array index
        overflow (bsc#1103269).
    
      - powerpc/fadump: merge adjacent memory ranges to reduce
        PT_LOAD segements (bsc#1103269).
    
      - qed: Limit msix vectors in kdump kernel to the minimum
        required count (bnc#1012382).
    
      - r8152: napi hangup fix after disconnect (bnc#1012382).
    
      - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd()
        (bsc#1082979).
    
      - rdma/ocrdma: Fix error codes in ocrdma_create_srq()
        (bsc#1082979).
    
      - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382).
    
      - rds: avoid unenecessary cong_update in loop transport
        (bnc#1012382).
    
      - Revert
        'block-cancel-workqueue-entries-on-blk_mq_freeze_queue'
        (bsc#1103717)
    
      - Revert 'sit: reload iphdr in ipip6_rcv' (bnc#1012382).
    
      - Revert 'x86/cpufeature: Move some of the scattered
        feature bits to x86_capability' (kabi).
    
      - Revert 'x86/cpu: Probe CPUID leaf 6 even when
        cpuid_level == 6' (kabi).
    
      - rtlwifi: rtl8821ae: fix firmware is not ready to run
        (bnc#1012382).
    
      - s390/qeth: fix error handling in adapter command
        callbacks (bnc#1103745, LTC#169699).
    
      - sched/smt: Update sched_smt_present at runtime
        (bsc#1089343).
    
      - scsi: qlogicpti: Fix an error handling path in
        'qpti_sbus_probe()' (bsc#1082979).
    
      - scsi: sg: fix minor memory leak in error path
        (bsc#1082979).
    
      - scsi: target: fix crash with iscsi target and dvd
        (bsc#1082979).
    
      - smsc75xx: Add workaround for gigabit link up hardware
        errata (bsc#1100132).
    
      - smsc95xx: Configure pause time to 0xffff when tx flow
        control enabled (bsc#1085536).
    
      - supported.conf: Do not build KMP for openSUSE kernels
        The merge of kselftest-kmp was overseen, and bad for
        openSUSE-42.3
    
      - tcp: fix Fast Open key endianness (bnc#1012382).
    
      - tcp: prevent bogus FRTO undos with non-SACK flows
        (bnc#1012382).
    
      - tools build: fix # escaping in .cmd files for future
        Make (bnc#1012382).
    
      - uprobes/x86: Remove incorrect WARN_ON() in
        uprobe_init_insn() (bnc#1012382).
    
      - usb: core: handle hub C_PORT_OVER_CURRENT condition
        (bsc#1100132).
    
      - usb: quirks: add delay quirks for Corsair Strafe
        (bnc#1012382).
    
      - usb: serial: ch341: fix type promotion bug in
        ch341_control_in() (bnc#1012382).
    
      - usb: serial: cp210x: add another USB ID for Qivicon
        ZigBee stick (bnc#1012382).
    
      - usb: serial: keyspan_pda: fix modem-status error
        handling (bnc#1012382).
    
      - usb: serial: mos7840: fix status-register error handling
        (bnc#1012382).
    
      - usb: yurex: fix out-of-bounds uaccess in read handler
        (bnc#1012382).
    
      - vfio: platform: Fix reset module leak in error path
        (bsc#1102211).
    
      - vfs: add the sb_start_intwrite_trylock() helper
        (bsc#1101841).
    
      - vhost_net: validate sock before trying to put its fd
        (bnc#1012382).
    
      - vmw_balloon: fix inflation with batching (bnc#1012382).
    
      - x86/alternatives: Add an auxilary section (bnc#1012382).
    
      - x86/alternatives: Discard dynamic check after init
        (bnc#1012382).
    
      - x86/apic: Ignore secondary threads if nosmt=force
        (bsc#1089343).
    
      - x86/asm: Add _ASM_ARG* constants for argument registers
        to <asm/asm.h> (bnc#1012382).
    
      - x86/boot: Simplify kernel load address alignment check
        (bnc#1012382).
    
      - x86/CPU/AMD: Do not check CPUID max ext level before
        parsing SMP info (bsc#1089343).
    
      - x86/cpu/AMD: Evaluate smp_num_siblings early
        (bsc#1089343).
    
      - x86/CPU/AMD: Move TOPOEXT reenablement before reading
        smp_num_siblings (bsc#1089343). Update config files.
    
      - x86/cpu/AMD: Remove the pointless detect_ht() call
        (bsc#1089343).
    
      - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
    
      - x86/cpufeature: Add helper macro for mask check macros
        (bnc#1012382).
    
      - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382).
    
      - x86/cpufeature: Get rid of the non-asm goto variant
        (bnc#1012382).
    
      - x86/cpufeature: Make sure DISABLED/REQUIRED macros are
        updated (bnc#1012382).
    
      - x86/cpufeature: Move some of the scattered feature bits
        to x86_capability (bnc#1012382).
    
      - x86/cpufeature: Replace the old static_cpu_has() with
        safe variant (bnc#1012382).
    
      - x86/cpufeature: Speed up cpu_feature_enabled()
        (bnc#1012382).
    
      - x86/cpufeature: Update cpufeaure macros (bnc#1012382).
    
      - x86/cpu/intel: Evaluate smp_num_siblings early
        (bsc#1089343).
    
      - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
        (bnc#1012382).
    
      - x86/cpu: Provide a config option to disable
        static_cpu_has (bnc#1012382).
    
      - x86/cpu: Remove the pointless CPU printout
        (bsc#1089343).
    
      - x86/cpu/topology: Provide
        detect_extended_topology_early() (bsc#1089343).
    
      - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382).
    
      - x86/fpu: Get rid of xstate_fault() (bnc#1012382).
    
      - x86/headers: Do not include asm/processor.h in
        asm/atomic.h (bnc#1012382).
    
      - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits
        (bnc#1012382).
    
      - x86/mm: Simplify p[g4um]d_page() macros (1087081).
    
      - x86/smpboot: Do not use smp_num_siblings in
        __max_logical_packages calculation (bsc#1089343).
    
      - x86/smp: Provide topology_is_primary_thread()
        (bsc#1089343).
    
      - x86/topology: Add topology_max_smt_threads()
        (bsc#1089343).
    
      - x86/topology: Provide topology_smt_supported()
        (bsc#1089343).
    
      - x86/vdso: Use static_cpu_has() (bnc#1012382).
    
      - xen/grant-table: log the lack of grants (bnc#1085042).
    
      - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658).
    
      - xen-netfront: Update features after registering netdev
        (bnc#1101658).
    
      - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
        (bnc#1012382)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090123"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097771"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102203"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102214"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102340"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104495"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.143-65.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.143-65.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1303.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common
    last seen2020-05-06
    modified2019-05-01
    plugin id124430
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124430
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124430);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2016-10741",
        "CVE-2018-10879",
        "CVE-2018-10883",
        "CVE-2018-16862",
        "CVE-2018-17972",
        "CVE-2018-18559",
        "CVE-2018-19824",
        "CVE-2019-5489"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - A new software page cache side channel attack scenario
        was discovered in operating systems that implement the
        very common 'page cache' caching mechanism. A malicious
        user/process could use 'in memory' page-cache knowledge
        to infer access timings to shared memory and gain
        knowledge which can be used to reduce effectiveness of
        cryptographic strength by monitoring algorithmic
        behavior, infer access patterns of memory to determine
        code paths taken, and exfiltrate data to a blinded
        attacker through page-granularity access times as a
        side-channel.(CVE-2019-5489)
    
      - It was found that the Linux kernel can hit a BUG_ON()
        statement in the __xfs_get_blocks() in the
        fs/xfs/xfs_aops.c because of a race condition between
        direct and memory-mapped I/O associated with a hole in
        a file that is handled with BUG_ON() instead of an I/O
        failure. This allows a local unprivileged attacker to
        cause a system crash and a denial of
        service.(CVE-2016-10741)
    
      - An issue was discovered in the proc_pid_stack function
        in fs/proc/base.c in the Linux kernel. An attacker with
        a local account can trick the stack unwinder code to
        leak stack contents to userspace. The fix allows only
        root to inspect the kernel stack of an arbitrary
        task.(CVE-2018-17972)
    
      - A security flaw was found in the Linux kernel in a way
        that the cleancache subsystem clears an inode after the
        final file truncation (removal). The new file created
        with the same inode may contain leftover pages from
        cleancache and the old file data instead of the new
        one.(CVE-2018-16862)
    
      - A use-after-free flaw can occur in the Linux kernel due
        to a race condition between packet_do_bind() and
        packet_notifier() functions called for an AF_PACKET
        socket. An unprivileged, local user could use this flaw
        to induce kernel memory corruption on the system,
        leading to an unresponsive system or to a crash. Due to
        the nature of the flaw, privilege escalation cannot be
        fully ruled out.(CVE-2018-18559)
    
      - A flaw was found In the Linux kernel, through version
        4.19.6, where a local user could exploit a
        use-after-free in the ALSA driver by supplying a
        malicious USB Sound device (with zero interfaces) that
        is mishandled in usb_audio_probe in sound/usb/card.c.
        An attacker could corrupt memory and possibly escalate
        privileges if the attacker is able to have physical
        access to the system.(CVE-2018-19824)
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service
        or unspecified other impact may occur by renaming a
        file in a crafted ext4 filesystem
        image.(CVE-2018-10879)
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause an out-of-bound write in
        jbd2_journal_dirty_metadata(), a denial of service, and
        a system crash by mounting and operating on a crafted
        ext4 filesystem image.(CVE-2018-10883)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1303
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9c5c623f");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-514.44.5.10.h179",
            "kernel-debuginfo-3.10.0-514.44.5.10.h179",
            "kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h179",
            "kernel-devel-3.10.0-514.44.5.10.h179",
            "kernel-headers-3.10.0-514.44.5.10.h179",
            "kernel-tools-3.10.0-514.44.5.10.h179",
            "kernel-tools-libs-3.10.0-514.44.5.10.h179",
            "perf-3.10.0-514.44.5.10.h179",
            "python-perf-3.10.0-514.44.5.10.h179"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1131.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service. (CVE-2017-18360) - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.(CVE-2018-18281) - A flaw was discovered in the Linux kernel
    last seen2020-05-06
    modified2019-04-02
    plugin id123605
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123605
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1131)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3871-1.NASL
    descriptionWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel
    last seen2020-03-18
    modified2019-01-30
    plugin id121469
    published2019-01-30
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121469
    titleUbuntu 18.04 LTS : linux vulnerabilities (USN-3871-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3084-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) CVE-2018-10878: A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id118034
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118034
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3083.NASL
    descriptionFrom Red Hat Security Advisory 2018:3083 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805) * kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208) * kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120) * kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130) * kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344) * kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803) * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848) * kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878) * kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026) * kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913) * kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232) * kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092) * kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094) * kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118) * kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740) * kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757) * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322) * kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879) * kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881) * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883) * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
    last seen2020-06-01
    modified2020-06-02
    plugin id118770
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118770
    titleOracle Linux 7 : kernel (ELSA-2018-3083)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3879-1.NASL
    descriptionWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-02-05
    plugin id121596
    published2019-02-05
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121596
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3879-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3096.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805) * kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208) * kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120) * kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130) * kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344) * kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803) * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848) * kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878) * kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026) * kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913) * kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232) * kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092) * kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094) * kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118) * kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740) * kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757) * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322) * kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879) * kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881) * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883) * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
    last seen2020-06-01
    modified2020-06-02
    plugin id118528
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118528
    titleRHEL 7 : kernel-rt (RHSA-2018:3096)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2380-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391 aka
    last seen2020-03-19
    modified2019-01-02
    plugin id120082
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120082
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL94735334.NASL
    descriptionA flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id132581
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132581
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K94735334)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3871-2.NASL
    descriptionUSN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems. We apologize for the inconvenience. Original advisory details : Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel
    last seen2020-03-18
    modified2019-02-05
    plugin id121592
    published2019-02-05
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121592
    titleUbuntu 18.04 LTS : linux regression (USN-3871-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2776-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.155 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001). CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999). CVE-2018-13094: Prevent OOPS that may have occured for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000). CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922). CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689). CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511). CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509). CVE-2018-1129: A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol (bnc#1096748). CVE-2018-1128: It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service (bnc#1096748). CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016). CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517). CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322 1105323). CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863). CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844). CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813). CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811). CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846). CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864). CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849). CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117629
    published2018-09-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117629
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2948.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id118513
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118513
    titleRHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-886.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-10853: A flaw was found in KVM in which certain instructions such as sgdt/sidt call segmented_write_std doesn
    last seen2020-06-05
    modified2018-08-17
    plugin id111812
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111812
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-886) (Foreshadow)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3871-3.NASL
    descriptionWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel
    last seen2020-03-18
    modified2019-02-05
    plugin id121593
    published2019-02-05
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121593
    titleUbuntu 18.04 LTS : linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3871-3)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3083.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805) * kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208) * kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120) * kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130) * kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344) * kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803) * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/ wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848) * kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878) * kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026) * kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913) * kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232) * kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092) * kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094) * kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118) * kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740) * kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/ libsas/sas_expander.c (CVE-2018-7757) * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322) * kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879) * kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881) * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883) * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.
    last seen2020-06-01
    modified2020-06-02
    plugin id118990
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118990
    titleCentOS 7 : kernel (CESA-2018:3083)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3083-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118033
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118033
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1220.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.i1/4^CVE-2018-17972i1/4%0 - A flaw was found in the Linux kernel
    last seen2020-03-19
    modified2019-04-09
    plugin id123906
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123906
    titleEulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1220)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1507.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124) - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service.(CVE-2018-10322) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124830
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124830
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1507)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3871-5.NASL
    descriptionWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883) It was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625) Cfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) Wei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-19407) It was discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id122052
    published2019-02-08
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122052
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3871-5)

Redhat

advisories
  • rhsa
    idRHSA-2018:2948
  • rhsa
    idRHSA-2018:3083
  • rhsa
    idRHSA-2018:3096
rpms
  • kernel-0:4.14.0-115.el7a
  • kernel-abi-whitelists-0:4.14.0-115.el7a
  • kernel-bootwrapper-0:4.14.0-115.el7a
  • kernel-debug-0:4.14.0-115.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.el7a
  • kernel-debug-devel-0:4.14.0-115.el7a
  • kernel-debuginfo-0:4.14.0-115.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.el7a
  • kernel-devel-0:4.14.0-115.el7a
  • kernel-doc-0:4.14.0-115.el7a
  • kernel-headers-0:4.14.0-115.el7a
  • kernel-kdump-0:4.14.0-115.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.el7a
  • kernel-kdump-devel-0:4.14.0-115.el7a
  • kernel-tools-0:4.14.0-115.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.el7a
  • kernel-tools-libs-0:4.14.0-115.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.el7a
  • perf-0:4.14.0-115.el7a
  • perf-debuginfo-0:4.14.0-115.el7a
  • python-perf-0:4.14.0-115.el7a
  • python-perf-debuginfo-0:4.14.0-115.el7a
  • bpftool-0:3.10.0-957.el7
  • kernel-0:3.10.0-957.el7
  • kernel-abi-whitelists-0:3.10.0-957.el7
  • kernel-bootwrapper-0:3.10.0-957.el7
  • kernel-debug-0:3.10.0-957.el7
  • kernel-debug-debuginfo-0:3.10.0-957.el7
  • kernel-debug-devel-0:3.10.0-957.el7
  • kernel-debuginfo-0:3.10.0-957.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.el7
  • kernel-devel-0:3.10.0-957.el7
  • kernel-doc-0:3.10.0-957.el7
  • kernel-headers-0:3.10.0-957.el7
  • kernel-kdump-0:3.10.0-957.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.el7
  • kernel-kdump-devel-0:3.10.0-957.el7
  • kernel-tools-0:3.10.0-957.el7
  • kernel-tools-debuginfo-0:3.10.0-957.el7
  • kernel-tools-libs-0:3.10.0-957.el7
  • kernel-tools-libs-devel-0:3.10.0-957.el7
  • perf-0:3.10.0-957.el7
  • perf-debuginfo-0:3.10.0-957.el7
  • python-perf-0:3.10.0-957.el7
  • python-perf-debuginfo-0:3.10.0-957.el7
  • kernel-rt-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.rt56.910.el7
  • kernel-rt-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-doc-0:3.10.0-957.rt56.910.el7
  • kernel-rt-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-devel-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.rt56.910.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.rt56.910.el7