Vulnerabilities > CVE-2018-12207 - Improper Input Validation vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

Vulnerable Configurations

Part Description Count
OS
Intel
755
OS
Debian
1
OS
Opensuse
1
OS
Fedoraproject
2
OS
Canonical
1
OS
Redhat
8
OS
Oracle
1
Hardware
Intel
755
Application
F5
934
Application
Redhat
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4186-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-11-13
    plugin id130966
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130966
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4186-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4186-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130966);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15098", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17666", "CVE-2019-2215");
      script_xref(name:"USN", value:"4186-1");
    
      script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4186-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro
    Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi
    Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van
    Bulck discovered that Intel processors using Transactional
    Synchronization Extensions (TSX) could expose memory contents
    previously stored in microarchitectural buffers to a malicious process
    that is executing on the same CPU core. A local attacker could use
    this to expose sensitive information. (CVE-2019-11135)
    
    It was discovered that the Intel i915 graphics chipsets allowed
    userspace to modify page table entries via writes to MMIO from the
    Blitter Command Streamer and expose kernel memory information. A local
    attacker could use this to expose sensitive information or possibly
    elevate privileges. (CVE-2019-0155)
    
    Deepak Gupta discovered that on certain Intel processors, the Linux
    kernel did not properly perform invalidation on page table updates by
    virtual guest operating systems. A local attacker in a guest VM could
    use this to cause a denial of service (host system crash).
    (CVE-2018-12207)
    
    It was discovered that the Intel i915 graphics chipsets could cause a
    system hang when userspace performed a read from GT memory mapped
    input output (MMIO) when the product is in certain low power states. A
    local attacker could use this to cause a denial of service.
    (CVE-2019-0154)
    
    Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver
    for the Linux kernel did not properly validate endpoint descriptors
    returned by the device. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2019-15098)
    
    It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
    configuration interface for the Linux kernel when handling beacon
    settings. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
    
    Ori Nimron discovered that the AX25 network protocol implementation in
    the Linux kernel did not properly perform permissions checks. A local
    attacker could use this to create a raw socket. (CVE-2019-17052)
    
    Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network
    protocol implementation in the Linux kernel did not properly perform
    permissions checks. A local attacker could use this to create a raw
    socket. (CVE-2019-17053)
    
    Ori Nimron discovered that the Appletalk network protocol
    implementation in the Linux kernel did not properly perform
    permissions checks. A local attacker could use this to create a raw
    socket. (CVE-2019-17054)
    
    Ori Nimron discovered that the modular ISDN network protocol
    implementation in the Linux kernel did not properly perform
    permissions checks. A local attacker could use this to create a raw
    socket. (CVE-2019-17055)
    
    Ori Nimron discovered that the Near field Communication (NFC) network
    protocol implementation in the Linux kernel did not properly perform
    permissions checks. A local attacker could use this to create a raw
    socket. (CVE-2019-17056)
    
    Nico Waisman discovered that a buffer overflow existed in the Realtek
    Wi-Fi driver for the Linux kernel when handling Notice of Absence
    frames. A physically proximate attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-17666)
    
    Maddie Stone discovered that the Binder IPC Driver implementation in
    the Linux kernel contained a use-after-free vulnerability. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2019-2215).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4186-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android Binder Use-After-Free Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15098", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17666", "CVE-2019-2215");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4186-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1062-kvm", pkgver:"4.4.0-1062.69")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1098-aws", pkgver:"4.4.0-1098.109")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-generic", pkgver:"4.4.0-168.197")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-generic-lpae", pkgver:"4.4.0-168.197")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-lowlatency", pkgver:"4.4.0-168.197")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1098.102")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.168.176")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.168.176")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1062.62")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.168.176")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual", pkgver:"4.4.0.168.176")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3832.NASL
    descriptionFrom Red Hat Security Advisory 2019:3832 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131272
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131272
    titleOracle Linux 8 : kernel (ELSA-2019-3832)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:3832 and 
    # Oracle Linux Security Advisory ELSA-2019-3832 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131272);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-11135");
      script_xref(name:"RHSA", value:"2019:3832");
      script_xref(name:"IAVA", value:"2020-A-0325");
    
      script_name(english:"Oracle Linux 8 : kernel (ELSA-2019-3832)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:3832 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
    
    * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
    
    * hw: Intel GPU Denial Of Service while accessing MMIO in lower power
    state (CVE-2019-0154)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009373.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-cross-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-modules-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-modules-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/25");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-11135");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-3832");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "4.18";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"bpftool-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-abi-whitelists-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-abi-whitelists-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-core-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-core-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-cross-headers-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-cross-headers-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-debug-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-debug-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-debug-core-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-debug-core-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-debug-devel-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-debug-devel-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-debug-modules-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-debug-modules-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-debug-modules-extra-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-debug-modules-extra-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-devel-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-devel-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-doc-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-doc-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-headers-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-headers-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-modules-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-modules-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-modules-extra-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-modules-extra-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-tools-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-tools-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-tools-libs-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-tools-libs-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_exists(release:"EL8", rpm:"kernel-tools-libs-devel-4.18.0") && rpm_check(release:"EL8", cpu:"x86_64", reference:"kernel-tools-libs-devel-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"perf-4.18.0-147.0.2.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"python3-perf-4.18.0-147.0.2.el8_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0026.NASL
    descriptionAn update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page (s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id132685
    published2020-01-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132685
    titleRHEL 7 : kpatch-patch (RHSA-2020:0026)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0026. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132685);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-11135");
      script_xref(name:"RHSA", value:"2020:0026");
    
      script_name(english:"RHEL 7 : kpatch-patch (RHSA-2020:0026)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kpatch-patch is now available for Red Hat Enterprise
    Linux 7.6 Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    This is a kernel live patch module which is automatically loaded by
    the RPM post-install script to modify the code of a running kernel.
    
    Security Fix(es) :
    
    * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
    
    * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgements, and other related information, refer to
    the CVE page (s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/ifu-page-mce"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/tsx-asynchronousabort"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-12207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11135"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_35_2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_38_1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.6", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0026";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_35_1-1-5.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_35_1-debuginfo-1-5.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_35_2-1-4.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_35_2-debuginfo-1-4.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_38_1-1-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"6", cpu:"x86_64", reference:"kpatch-patch-3_10_0-957_38_1-debuginfo-1-3.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kpatch-patch-3_10_0-957_35_1 / etc");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-3836.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787) * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724) * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and
    last seen2020-06-01
    modified2020-06-02
    plugin id130978
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130978
    titleCentOS 6 : kernel (CESA-2019:3836)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3836 and 
    # CentOS Errata and Security Advisory 2019:3836 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130978);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-11135", "CVE-2019-3900");
      script_xref(name:"RHSA", value:"2019:3836");
    
      script_name(english:"CentOS 6 : kernel (CESA-2019:3836)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
    
    * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
    
    * Kernel: vhost_net: infinite loop while receiving packets leads to
    DoS (CVE-2019-3900)
    
    * hw: Intel GPU Denial Of Service while accessing MMIO in lower power
    state (CVE-2019-0154)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled,
    performance impact observed on user space benchmark (BZ#1560787)
    
    * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in
    efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724)
    
    * Slab leak: skbuff_head_cache slab object still allocated after mcast
    processes are stopped and 'fragments dropped after timeout' errors are
    shown (BZ#1752536)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2019-November/023512.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?327555f5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-754.24.2.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-754.24.2.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3936.NASL
    descriptionAn update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
    last seen2020-06-01
    modified2020-06-02
    plugin id131177
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131177
    titleRHEL 8 : kpatch-patch (RHSA-2019:3936)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3936. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131177);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-11135");
      script_xref(name:"RHSA", value:"2019:3936");
    
      script_name(english:"RHEL 8 : kpatch-patch (RHSA-2019:3936)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kpatch-patch is now available for Red Hat Enterprise
    Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    This is a kernel live patch module which is automatically loaded by
    the RPM post-install script to modify the code of a running kernel.
    
    Security Fix(es) :
    
    * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
    
    * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/vulnerabilities/ifu-page-mce"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/tsx-asynchronousabort"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-12207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11135"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kpatch-patch-4_18_0-147,
    kpatch-patch-4_18_0-147-debuginfo and / or
    kpatch-patch-4_18_0-147-debugsource packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3936";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kpatch-patch-4_18_0-147-1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kpatch-patch-4_18_0-147-debuginfo-1-3.el8_1")) flag++;
    
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kpatch-patch-4_18_0-147-debugsource-1-3.el8_1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kpatch-patch-4_18_0-147 / kpatch-patch-4_18_0-147-debuginfo / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-CBB732F760.NASL
    descriptionadd missing XSA-299 patches x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] ---- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] (#1767726) add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424] (#1767731) ARM: Interrupts are unconditionally unmasked in exception handlers [XSA-303, CVE-2019-18422] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131460
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131460
    titleFedora 30 : xen (2019-cbb732f760)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-cbb732f760.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131460);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/10");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-11135", "CVE-2019-18420", "CVE-2019-18421", "CVE-2019-18422", "CVE-2019-18423", "CVE-2019-18424", "CVE-2019-18425");
      script_xref(name:"FEDORA", value:"2019-cbb732f760");
      script_xref(name:"IAVB", value:"2019-B-0084-S");
    
      script_name(english:"Fedora 30 : xen (2019-cbb732f760)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "add missing XSA-299 patches x86: Machine Check Error on Page Size
    Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort
    speculative side channel [XSA-305, CVE-2019-11135]
    
    ----
    
    VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor
    table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425]
    Issues with restartable PV type change operations [XSA-299,
    CVE-2019-18421] (#1767726) add-to-physmap can be abused to DoS Arm
    hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt
    host memory after deassignment [XSA-302, CVE-2019-18424] (#1767731)
    ARM: Interrupts are unconditionally unmasked in exception handlers
    [XSA-303, CVE-2019-18422]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-cbb732f760"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xen package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"xen-4.11.2-3.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4183-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130963
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130963
    titleUbuntu 19.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, (USN-4183-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4183-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130963);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15791", "CVE-2019-15792", "CVE-2019-15793", "CVE-2019-16746", "CVE-2019-17666");
      script_xref(name:"USN", value:"4183-1");
    
      script_name(english:"Ubuntu 19.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, (USN-4183-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro
    Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi
    Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van
    Bulck discovered that Intel processors using Transactional
    Synchronization Extensions (TSX) could expose memory contents
    previously stored in microarchitectural buffers to a malicious process
    that is executing on the same CPU core. A local attacker could use
    this to expose sensitive information. (CVE-2019-11135)
    
    It was discovered that the Intel i915 graphics chipsets allowed
    userspace to modify page table entries via writes to MMIO from the
    Blitter Command Streamer and expose kernel memory information. A local
    attacker could use this to expose sensitive information or possibly
    elevate privileges. (CVE-2019-0155)
    
    Deepak Gupta discovered that on certain Intel processors, the Linux
    kernel did not properly perform invalidation on page table updates by
    virtual guest operating systems. A local attacker in a guest VM could
    use this to cause a denial of service (host system crash).
    (CVE-2018-12207)
    
    It was discovered that the Intel i915 graphics chipsets could cause a
    system hang when userspace performed a read from GT memory mapped
    input output (MMIO) when the product is in certain low power states. A
    local attacker could use this to cause a denial of service.
    (CVE-2019-0154)
    
    Jann Horn discovered a reference count underflow in the shiftfs
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15791)
    
    Jann Horn discovered a type confusion vulnerability in the shiftfs
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15792)
    
    Jann Horn discovered that the shiftfs implementation in the Linux
    kernel did not use the correct file system uid/gid when the user
    namespace of a lower file system is not in the init user namespace. A
    local attacker could use this to possibly bypass DAC permissions or
    have some other unspecified impact. (CVE-2019-15793)
    
    It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
    configuration interface for the Linux kernel when handling beacon
    settings. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-16746)
    
    Nico Waisman discovered that a buffer overflow existed in the Realtek
    Wi-Fi driver for the Linux kernel when handling Notice of Absence
    frames. A physically proximate attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-17666).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4183-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15791", "CVE-2019-15792", "CVE-2019-15793", "CVE-2019-16746", "CVE-2019-17666");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4183-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1006-oracle", pkgver:"5.3.0-1006.7")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1007-aws", pkgver:"5.3.0-1007.8")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1007-azure", pkgver:"5.3.0-1007.8")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1007-kvm", pkgver:"5.3.0-1007.8")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1008-gcp", pkgver:"5.3.0-1008.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1012-raspi2", pkgver:"5.3.0-1012.14")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-22-generic", pkgver:"5.3.0-22.24")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-22-generic-lpae", pkgver:"5.3.0-22.24")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-22-lowlatency", pkgver:"5.3.0-22.24")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-22-snapdragon", pkgver:"5.3.0-22.24")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-aws", pkgver:"5.3.0.1007.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-azure", pkgver:"5.3.0.1007.25")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-gcp", pkgver:"5.3.0.1008.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-generic", pkgver:"5.3.0.22.26")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-generic-lpae", pkgver:"5.3.0.22.26")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-gke", pkgver:"5.3.0.1008.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-kvm", pkgver:"5.3.0.1007.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-lowlatency", pkgver:"5.3.0.22.26")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-oracle", pkgver:"5.3.0.1006.7")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-raspi2", pkgver:"5.3.0.1012.9")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-snapdragon", pkgver:"5.3.0.22.26")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"linux-image-virtual", pkgver:"5.3.0.22.26")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.3-aws / linux-image-5.3-azure / linux-image-5.3-gcp / etc");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-089.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - hw: Machine Check Error on Page Size Change (IFU) - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write - Kernel: vhost_net: infinite loop while receiving packets leads to DoS - Kernel: vhost-net: guest to host kernel escape during migration - hw: Intel GPU Denial Of Service while accessing MMIO in lower power state - hw: TSX Transaction Asynchronous Abort (TAA) Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131227
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131227
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131227);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id(
        "CVE-2018-12207",
        "CVE-2019-0154",
        "CVE-2019-0155",
        "CVE-2019-11135",
        "CVE-2019-14835",
        "CVE-2019-3900"
      );
    
      script_name(english:"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the parallels-server-bm-release /
    vzkernel / etc packages installed, the Virtuozzo installation on the
    remote host is affected by the following vulnerabilities :
    
      - hw: Machine Check Error on Page Size Change (IFU)
    
      - hw: Intel GPU blitter manipulation can allow for
        arbitrary kernel memory write
    
      - Kernel: vhost_net: infinite loop while receiving
        packets leads to DoS
    
      - Kernel: vhost-net: guest to host kernel escape during
        migration
    
      - hw: Intel GPU Denial Of Service while accessing MMIO in
        lower power state
    
      - hw: TSX Transaction Asynchronous Abort (TAA)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Virtuozzo security advisory.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://virtuozzosupport.force.com/s/article/VZA-2019-089");
      script_set_attribute(attribute:"solution", value:
    "Update the affected parallels-server-bm-release / vzkernel / etc packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    flag = 0;
    
    pkgs = ["parallels-server-bm-release-6.0.12-3753",
            "vzkernel-2.6.32-042stab141.3",
            "vzkernel-devel-2.6.32-042stab141.3",
            "vzkernel-firmware-2.6.32-042stab141.3",
            "vzmodules-2.6.32-042stab141.3",
            "vzmodules-devel-2.6.32-042stab141.3"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "parallels-server-bm-release / vzkernel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2950-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130950
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130950
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2950-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130950);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2016-10906", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-10207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-11477", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-9456", "CVE-2019-9506");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit
    a race condition in the Instruction Fetch Unit of the Intel CPU to
    cause a Machine Exception during Page Size Change, causing the CPU
    core to be non-functional.
    
    The Linux Kernel KVM hypervisor was adjusted to avoid page size
    changes in executable pages by splitting / merging huge pages into
    small pages as needed. More information can be found on
    https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:
    Aborting an asynchronous TSX operation on Intel CPUs with
    Transactional Memory support could be used to facilitate sidechannel
    information leaks out of microarchitectural buffers, similar to the
    previously described 'Microarchitectural Data Sampling' attack.
    
    The Linux kernel was supplemented with the option to disable TSX
    operation altogether (requiring CPU Microcode updates on older
    systems) and better flushing of microarchitectural buffers (VERW).
    
    The set of options available is described in our TID at
    https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233:
    drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return
    value, leading to a NULL pointer dereference. (bsc#1150457).
    
    CVE-2019-10220: Added sanity checks on the pathnames passed to the
    user space. (bsc#1144903).
    
    CVE-2019-16232: Fix a potential NULL pointer dereference in the
    Marwell libertas driver (bsc#1150465).
    
    CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue
    return value, leading to a NULL pointer dereference. (bsc#1150452).
    
    CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not
    enforce CAP_NET_RAW, which meant that unprivileged users could create
    a raw socket (bnc#1152782).
    
    CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,
    which meant that unprivileged users could create a raw socket
    (bsc#1152788).
    
    CVE-2019-16413: The 9p filesystem did not protect i_size_write()
    properly, which caused an i_size_read() infinite loop and denial of
    service on SMP systems (bnc#1151347).
    
    CVE-2019-15902: A backporting issue was discovered that re-introduced
    the Spectre vulnerability it had aimed to eliminate. This occurred
    because the backport process depends on cherry picking specific
    commits, and because two (correctly ordered) code lines were swapped
    (bnc#1149376).
    
    CVE-2019-15291: Fixed a NULL pointer dereference issue that could be
    caused by a malicious USB device (bnc#11465).
    
    CVE-2019-15807: Fixed a memory leak in the SCSI module that could be
    abused to cause denial of service (bnc#1148938).
    
    CVE-2019-14821: An out-of-bounds access issue was fixed in the
    kernel's KVM hypervisor. An unprivileged host user or process with
    access to '/dev/kvm' device could use this flaw to crash the host
    kernel, resulting in a denial of service or potentially escalating
    privileges on the system (bnc#1151350).
    
    CVE-2019-15505: An out-of-bounds issue had been fixed that could be
    caused by crafted USB device traffic (bnc#1147122).
    
    CVE-2017-18595: A double free in allocate_trace_buffer was fixed
    (bnc#1149555).
    
    CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost
    functionality that translates virtqueue buffers to IOVs. A privileged
    guest user able to pass descriptors with invalid length to the host
    could use this flaw to increase their privileges on the host
    (bnc#1150112).
    
    CVE-2019-15216: A NULL pointer dereference was fixed that could be
    malicious USB device (bnc#1146361).
    
    CVE-2019-9456: An out-of-bounds write in the USB monitor driver has
    been fixed. This issue could lead to local escalation of privilege
    with System execution privileges needed. (bnc#1150025).
    
    CVE-2019-15926: An out-of-bounds access was fixed in the
    drivers/net/wireless/ath/ath6kl module. (bnc#1149527).
    
    CVE-2019-15927: An out-of-bounds access was fixed in the
    sound/usb/mixer module (bnc#1149522).
    
    CVE-2019-15219: A NULL pointer dereference was fixed that could be
    abused by a malicious USB device (bnc#1146524).
    
    CVE-2019-15220: A use-after-free issue was fixed that could be caused
    by a malicious USB device (bnc#1146526).
    
    CVE-2019-15221: A NULL pointer dereference was fixed that could be
    caused by a malicious USB device (bnc#1146529).
    
    CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell
    wifi chip driver. That issue allowed local users to cause a denial of
    service (system crash) or possibly execute arbitrary code
    (bnc#1146512).
    
    CVE-2019-14815: A missing length check while parsing WMM IEs was fixed
    (bsc#1146512, bsc#1146514, bsc#1146516).
    
    CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip
    driver was fixed. Local users would have abused this issue to cause a
    denial of service (system crash) or possibly execute arbitrary code
    (bnc#1146516).
    
    CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific
    socket option, an attacker could control a pointer in kernel land and
    cause an inet_csk_listen_stop general protection fault, or potentially
    execute arbitrary code under certain circumstances. The issue can be
    triggered as root (e.g., inside a default LXC container or with the
    CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)
    
    CVE-2019-9506: The Bluetooth BR/EDR specification used to permit
    sufficiently low encryption key length and did not prevent an attacker
    from influencing the key length negotiation. This allowed practical
    brute-force attacks (aka 'KNOB') that could decrypt traffic and inject
    arbitrary ciphertext without the victim noticing (bnc#1137865).
    
    CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath
    was fixed (bnc#1146378).
    
    CVE-2019-15290: A NULL pointer dereference in
    ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).
    
    CVE-2019-15212: A double-free issue was fixed in drivers/usb driver
    (bnc#1146391).
    
    CVE-2016-10906: A use-after-free issue was fixed in
    drivers/net/ethernet/arc (bnc#1146584).
    
    CVE-2019-15217: A a NULL pointer dereference issue caused by a
    malicious USB device was fixed in the drivers/media/usb/zr364xx driver
    (bnc#1146519).
    
    CVE-2019-15218: A NULL pointer dereference caused by a malicious USB
    device was fixed in the drivers/media/usb/siano driver (bnc#1146413).
    
    CVE-2019-15215: A use-after-free issue caused by a malicious USB
    device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).
    
    CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver
    (bnc#1146285).
    
    CVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c
    driver (bnc#1146163).
    
    CVE-2019-10207: Add checks for missing tty operations to prevent
    unprivileged user to execute 0x0 address (bsc#1142857 bsc#1123959)
    
    CVE-2019-15118: ALSA: usb-audio: Fix a stack-based buffer overflow bug
    in check_input_term leading to kernel stack exhaustion (bsc#1145922).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1147122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1148938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10906/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18509/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18551/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18595/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20976/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14814/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14816/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14821/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15098/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15118/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15212/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15215/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15216/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15217/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15218/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15219/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15221/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15290/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15291/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15807/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15926/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15927/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16232/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16413/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17055/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9506/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7023735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7024251"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?00e1d55f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-2950=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-2950=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2019-2950=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-default-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-xen-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.124.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2956-1.NASL
    descriptionThis update for qemu fixes the following issues : Remove a backslash
    last seen2020-06-01
    modified2020-06-02
    plugin id130954
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130954
    titleSUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2956-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2956-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130954);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2018-20126", "CVE-2019-11135", "CVE-2019-12068");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:2956-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for qemu fixes the following issues :
    
    Remove a backslash '\' escape character from 80-qemu-ga.rules
    (bsc#1153358) Unlike sles 15 or newer guests, The udev rule file of
    qemu guest agent in sles 12 sp4 or newer guest only needs one escape
    character.
    
    Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991)
    
    Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068
    bsc#1146873)
    
    Expose taa-no 'feature', indicating CPU does not have the TSX Async
    Abort vulnerability. (CVE-2019-11135 bsc#1152506)
    
    Expose pschange-mc-no 'feature', indicating CPU does not have the page
    size change machine check vulnerability (CVE-2018-12207 bsc#1155812)
    
    Patch queue updated from
    https://gitlab.suse.de/virtualization/qemu.git SLE12-SP4
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://gitlab.suse.de/virtualization/qemu.git"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12068/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192956-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4f81dc69"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-2956=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-2956=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-iscsi-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-block-ssh-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:qemu-x86");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-block-rbd-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-block-rbd-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"qemu-x86-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"qemu-s390-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"qemu-s390-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-curl-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-curl-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-iscsi-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-iscsi-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-ssh-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-block-ssh-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-debugsource-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-guest-agent-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-guest-agent-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-lang-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-tools-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-tools-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"qemu-kvm-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-block-curl-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-block-curl-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-debugsource-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-kvm-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-tools-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-tools-debuginfo-2.11.2-5.23.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"qemu-x86-2.11.2-5.23.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2946-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130946
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130946
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2946-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130946);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16995", "CVE-2019-17056", "CVE-2019-17133", "CVE-2019-17666");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 15 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit
    a race condition in the Instruction Fetch Unit of the Intel CPU to
    cause a Machine Exception during Page Size Change, causing the CPU
    core to be non-functional.
    
    The Linux Kernel kvm hypervisor was adjusted to avoid page size
    changes in executable pages by splitting / merging huge pages into
    small pages as needed. More information can be found on
    https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:
    Aborting an asynchronous TSX operation on Intel CPUs with
    Transactional Memory support could be used to facilitate sidechannel
    information leaks out of microarchitectural buffers, similar to the
    previously described 'Microarchitectural Data Sampling' attack.
    
    The Linux kernel was supplemented with the option to disable TSX
    operation altogether (requiring CPU Microcode updates on older
    systems) and better flushing of microarchitectural buffers (VERW).
    
    The set of options available is described in our TID at
    https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-0154: Fix a
    local denial of service via read of unprotected i915 registers.
    (bsc#1135966)
    
    CVE-2019-0155: Fix privilege escalation in the i915 driver. Batch
    buffers from usermode could have escalated privileges via blitter
    command stream. (bsc#1135967)
    
    CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the
    alloc_workqueue return value, leading to a NULL pointer dereference.
    (bsc#1150457).
    
    CVE-2019-10220: Added sanity checks on the pathnames passed to the
    user space. (bsc#1144903).
    
    CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if
    hsr_add_port failed to add a port, which may have caused denial of
    service (bsc#1152685).
    
    CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code
    (bsc#1154372).
    
    CVE-2019-16232: Fix a potential NULL pointer dereference in the
    Marwell libertas driver (bsc#1150465)
    
    CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue
    return value, leading to a NULL pointer dereference. (bsc#1150452).
    
    CVE-2019-17133: cfg80211 wireless extension did not reject a long SSID
    IE, leading to a Buffer Overflow (bsc#1153158).
    
    CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,
    which meant that unprivileged users could create a raw socket
    (bsc#1152788).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046299"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050244"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066129"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090631"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1093205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135966"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145099"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1148410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151508"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154747"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16232/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16995/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17133/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17666/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7023735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7024251"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c2c4ec3a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch
    SUSE-SLE-Product-WE-15-2019-2946=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-2946=1
    
    SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch
    SUSE-SLE-Module-Live-Patching-15-2019-2946=1
    
    SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
    SUSE-SLE-Module-Legacy-15-2019-2946=1
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2019-2946=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-2946=1
    
    SUSE Linux Enterprise High Availability 15:zypper in -t patch
    SUSE-SLE-Product-HA-15-2019-2946=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10220");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-150.41.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.41.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1112.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180)A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.(CVE-2019-14901)A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)A memory leak in the ath10k_usb_hif_tx_sg() function in driverset/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the mlx5_fpga_conn_create_cq() function in driverset/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897)An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel
    last seen2020-05-06
    modified2020-02-24
    plugin id133913
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133913
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133913);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2014-3180",
        "CVE-2016-2085",
        "CVE-2017-18549",
        "CVE-2017-18550",
        "CVE-2018-12207",
        "CVE-2018-5995",
        "CVE-2018-7273",
        "CVE-2019-0155",
        "CVE-2019-11085",
        "CVE-2019-11135",
        "CVE-2019-14895",
        "CVE-2019-14896",
        "CVE-2019-14897",
        "CVE-2019-14901",
        "CVE-2019-18660",
        "CVE-2019-19045",
        "CVE-2019-19078",
        "CVE-2019-19227",
        "CVE-2019-19332",
        "CVE-2019-19447",
        "CVE-2019-19525",
        "CVE-2019-19534",
        "CVE-2019-19536",
        "CVE-2019-19768",
        "CVE-2019-19813",
        "CVE-2019-19922",
        "CVE-2019-19965",
        "CVE-2019-19966",
        "CVE-2019-20054",
        "CVE-2019-20095",
        "CVE-2019-5108",
        "CVE-2019-9458"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The kernel package contains the Linux kernel (vmlinuz),
        the core of any Linux operating system. The kernel
        handles the basic functions of the operating system:
        memory allocation, process allocation, device input and
        output, etc.Security Fix(es):** DISPUTED ** In
        kernel/compat.c in the Linux kernel before 3.17, as
        used in Google Chrome OS and other products, there is a
        possible out-of-bounds read. restart_syscall uses
        uninitialized data when restarting
        compat_sys_nanosleep. NOTE: this is disputed because
        the code path is unreachable.(CVE-2014-3180)A heap
        overflow flaw was found in the Linux kernel, all
        versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi
        chip driver. The vulnerability allows a remote attacker
        to cause a system crash, resulting in a denial of
        service, or execute arbitrary code. The highest threat
        with this vulnerability is with the availability of the
        system. If code execution occurs, the code will run
        with the permissions of root. This will affect both
        confidentiality and integrity of files on the
        system.(CVE-2019-14901)A heap-based buffer overflow
        vulnerability was found in the Linux kernel, version
        kernel-2.6.32, in Marvell WiFi chip driver. A remote
        attacker could cause a denial of service (system crash)
        or, possibly execute arbitrary code, when the
        lbs_ibss_join_existing function is called after a STA
        connects to an AP.(CVE-2019-14896)A memory leak in the
        ath10k_usb_hif_tx_sg() function in
        driverset/wireless/ath/ath10k/usb.c in the Linux kernel
        through 5.3.11 allows attackers to cause a denial of
        service (memory consumption) by triggering
        usb_submit_urb() failures, aka
        CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the
        mlx5_fpga_conn_create_cq() function in
        driverset/ethernet/mellanox/mlx5/core/fpga/conn.c in
        the Linux kernel before 5.3.11 allows attackers to
        cause a denial of service (memory consumption) by
        triggering mlx5_vector2eqn() failures, aka
        CID-c8c2a057fdc7.(CVE-2019-19045)A stack-based buffer
        overflow was found in the Linux kernel, version
        kernel-2.6.32, in Marvell WiFi chip driver. An attacker
        is able to cause a denial of service (system crash) or,
        possibly execute arbitrary code, when a STA works in
        IBSS mode (allows connecting stations together without
        the use of an AP) and connects to another
        STA.(CVE-2019-14897)An out-of-bounds memory write issue
        was found in the Linux Kernel, version 3.13 through
        5.4, in the way the Linux kernel's KVM hypervisor
        handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request
        to get CPUID features emulated by the KVM hypervisor. A
        user or process able to access the '/dev/kvm' device
        could use this flaw to crash the system, resulting in a
        denial of service.(CVE-2019-19332)Improper invalidation
        for page table updates by a virtual guest operating
        system for multiple Intel(R) Processors may allow an
        authenticated user to potentially enable denial of
        service of the host system via local
        access.(CVE-2018-12207)In the Android kernel in the
        video driver there is a use after free due to a race
        condition. This could lead to local escalation of
        privilege with no additional execution privileges
        needed. User interaction is not needed for
        exploitation.(CVE-2019-9458)In the AppleTalk subsystem
        in the Linux kernel before 5.1, there is a potential
        NULL pointer dereference because register_snap_client
        may return NULL. This will lead to denial of service in
        net/appletalk/aarp.c and net/appletalk/ddp.c, as
        demonstrated by unregister_snap_client, aka
        CID-9804501fa122.(CVE-2019-19227)In the Linux kernel
        5.0.21, mounting a crafted btrfs filesystem image,
        performing some operations, and then making a syncfs
        system call can lead to a use-after-free in
        __mutex_lock in kernel/locking/mutex.c. This is related
        to mutex_can_spin_on_owner in kernel/locking/mutex.c,
        __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and
        btrfs_insert_delayed_items in
        fs/btrfs/delayed-inode.c.(CVE-2019-19813)In the Linux
        kernel 5.4.0-rc2, there is a use-after-free (read) in
        the __blk_add_trace function in kernel/trace/blktrace.c
        (which is used to fill out a blk_io_trace structure and
        place it in a per-cpu sub-buffer).(CVE-2019-19768)In
        the Linux kernel before 5.0.6, there is a NULL pointer
        dereference in drop_sysctl_table() in
        fs/proc/proc_sysctl.c, related to put_links, aka
        CID-23da9588037e.(CVE-2019-20054)In the Linux kernel
        before 5.2.9, there is an info-leak bug that can be
        caused by a malicious USB device in the
        driverset/can/usb/peak_usb/pcan_usb_pro.c driver, aka
        CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel
        before 5.3.11, there is an info-leak bug that can be
        caused by a malicious USB device in the
        driverset/can/usb/peak_usb/pcan_usb_core.c driver, aka
        CID-f7a1337f0d29.(CVE-2019-19534)In the Linux kernel
        before 5.3.6, there is a use-after-free bug that can be
        caused by a malicious USB device in the
        driverset/ieee802154/atusb.c driver, aka
        CID-7fd25e6fc035.(CVE-2019-19525)Insufficient access
        control in a subsystem for Intel (R) processor graphics
        in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM)
        Processor Families Intel(R) Pentium(R) Processor J, N,
        Silver and Gold Series Intel(R) Celeron(R) Processor J,
        N, G3900 and G4900 Series Intel(R) Atom(R) Processor A
        and E3900 Series Intel(R) Xeon(R) Processor E3-1500 v5
        and v6, E-2100 and E-2200 Processor Families Intel(R)
        Graphics Driver for Windows before 26.20.100.6813 (DCH)
        or 26.20.100.6812 and before 21.20.x.5077
        (aka15.45.5077), i915 Linux Driver for Intel(R)
        Processor Graphics before versions 5.4-rc7, 5.3.11,
        4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an
        authenticated user to potentially enable escalation of
        privilege via local access.(CVE-2019-0155)Insufficient
        input validation in Kernel Mode Driver in Intel(R) i915
        Graphics for Linux before version 5.0 may allow an
        authenticated user to potentially enable escalation of
        privilege via local
        access.(CVE-2019-11085)kernel/sched/fair.c in the Linux
        kernel before 5.3.9, when cpu.cfs_quota_us is used
        (e.g., with Kubernetes), allows attackers to cause a
        denial of service against non-cpu-bound applications by
        generating a workload that triggers unwanted slice
        expiration, aka CID-de53fd7aedb1. (In other words,
        although this slice expiration would typically be seen
        with benign workloads, it is possible that an attacker
        could calculate how many stray requests are required to
        force an entire Kubernetes cluster into a
        low-performance state caused by slice expiration, and
        ensure that a DDoS attack sent that number of stray
        requests. An attack does not affect the stability of
        the kernel it only causes mismanagement of application
        execution.)(CVE-2019-19922)The evm_verify_hmac function
        in security/integrity/evm/evm_main.c in the Linux
        kernel before 4.5 does not properly copy data, which
        makes it easier for local users to forge MAC values via
        a timing side-channel attack.(CVE-2016-2085)The
        pcpu_embed_first_chunk function in mm/percpu.c in the
        Linux kernel through 4.14.14 allows local users to
        obtain sensitive address information by reading dmesg
        data from a 'pages/cpu' printk call.(CVE-2018-5995)TSX
        Asynchronous Abort condition on some CPUs utilizing
        speculative execution may allow an authenticated user
        to potentially enable information disclosure via a side
        channel with local access.(CVE-2019-11135)An issue was
        discovered in drivers/scsi/aacraid/commctrl.c in the
        Linux kernel before 4.13. There is potential exposure
        of kernel stack memory because aac_send_raw_srb does
        not initialize the reply structure.(CVE-2017-18549)An
        issue was discovered in drivers/scsi/aacraid/commctrl.c
        in the Linux kernel before 4.13. There is potential
        exposure of kernel stack memory because
        aac_get_hba_info does not initialize the hbainfo
        structure.(CVE-2017-18550)In the Linux kernel through
        4.15.4, the floppy driver reveals the addresses of
        kernel functions and global variables using printk
        calls within the function show_floppy in
        drivers/block/floppy.c. An attacker can read this
        information from dmesg and use the addresses to find
        the locations of kernel code and data and bypass kernel
        security protections such as KASLR.(CVE-2018-7273)A
        heap-based buffer overflow was discovered in the Linux
        kernel, all versions 3.x.x and 4.x.x before 4.18.0, in
        Marvell WiFi chip driver. The flaw could occur when the
        station attempts a connection negotiation during the
        handling of the remote devices country settings. This
        could allow the remote device to cause a denial of
        service (system crash) or possibly execute arbitrary
        code.(CVE-2019-14895)The Linux kernel before 5.4.1 on
        powerpc allows Information Exposure because the
        Spectre-RSB mitigation is not in place for all
        applicable CPUs, aka CID-39e72bf96f58. This is related
        to arch/powerpc/kernel/entry_64.S and
        arch/powerpc/kernel/security.c.(CVE-2019-18660)In the
        Linux kernel 5.0.21, mounting a crafted ext4 filesystem
        image, performing some operations, and unmounting can
        lead to a use-after-free in ext4_put_super in
        fs/ext4/super.c, related to dump_orphan_list in
        fs/ext4/super.c.(CVE-2019-19447)In the Linux kernel
        through 5.4.6, there is a NULL pointer dereference in
        drivers/scsi/libsas/sas_discover.c because of
        mishandling of port disconnection during discovery,
        related to a PHY down race condition, aka
        CID-f70267f379b5.(CVE-2019-19965)In the Linux kernel
        before 5.1.6, there is a use-after-free in cpia2_exit()
        in drivers/media/usb/cpia2/cpia2_v4l.c that will cause
        denial of service, aka
        CID-dea37a972655.(CVE-2019-19966)An exploitable
        denial-of-service vulnerability exists in the Linux
        kernel prior to mainline 5.3. An attacker could exploit
        this vulnerability by triggering AP to send IAPP
        location updates for stations before the required
        authentication process has completed. This could lead
        to different denial-of-service scenarios, either by
        causing CAM table attacks, or by leading to traffic
        flapping if faking already existing clients in other
        nearby APs of the same wireless infrastructure. An
        attacker can forge Authentication and Association
        Request packets to trigger this
        vulnerability.(CVE-2019-5108)mwifiex_tm_cmd in
        drivers/net/wireless/marvell/mwifiex/cfg80211.c in the
        Linux kernel before 5.1.6 has some error-handling cases
        that did not free allocated hostcmd memory, aka
        CID-003b686ace82. This will cause a memory leak and
        denial of service.(CVE-2019-20095)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1112
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51adc7d4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-devel-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-headers-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-tools-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "kernel-tools-libs-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "perf-3.10.0-862.14.1.5.h408.eulerosv2r7",
            "python-perf-3.10.0-862.14.1.5.h408.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0052.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] (CVE-2019-11135) - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135) - x86/tsx: Add
    last seen2020-06-01
    modified2020-06-02
    plugin id130923
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130923
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0052)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2019-0052.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130923);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/13");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-11135");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0052)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - x86/tsx: Add config options to set tsx=on|off|auto
        (Michal Hocko) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/speculation/taa: Add documentation for TSX Async
        Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/tsx: Add 'auto' option to the tsx= cmdline parameter
        (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)
    
      - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
        (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/speculation/taa: Add sysfs reporting for TSX Async
        Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/speculation/taa: Add mitigation for TSX Async Abort
        (Kanth Ghatraju) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled
        by default (Pawan Gupta) [Orabug: 30419233]
        (CVE-2019-11135)
    
      - x86/cpu: Add a helper function x86_read_arch_cap_msr
        (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)
    
      - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta)
        [Orabug: 30419233] (CVE-2019-11135)
    
      - kvm: x86: mmu: Recovery of shattered NX large pages
        (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)
    
      - kvm: Add helper function for creating VM worker threads
        (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)
    
      - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini)
        [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: remove now unneeded hugepage gfn adjustment
        (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: make FNAME(fetch) and __direct_map more
        similar (Paolo Bonzini) [Orabug: 29967631]
        (CVE-2018-12207)
    
      - kvm: x86: Do not release the page inside mmu_set_spte
        (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)
    
      - x86/cpu: Add Tremont to the cpu vulnerability whitelist
        (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)
    
      - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta)
        [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move mapping_level_dirty_bitmap call in
        mapping_level (Takuya Yoshikawa) [Orabug: 29967631]
        (CVE-2018-12207)
    
      - Revert 'KVM: x86: use the fast way to invalidate all
        pages' (Sean Christopherson) [Orabug: 29967631]
        (CVE-2018-12207)
    
      - kvm: Convert kvm_lock to a mutex (Junaid Shahid)
        [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Simplify force_pt_level calculation code
        in FNAME(page_fault) (Takuya Yoshikawa) [Orabug:
        29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Make force_pt_level bool (Takuya
        Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Remove unused parameter parent_pte from
        kvm_mmu_get_page (Takuya Yoshikawa) [Orabug: 29967631]
        (CVE-2018-12207)
    
      - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo
        Bonzini) [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Make mmu_set_spte return emulate value
        (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move parent_pte handling from
        kvm_mmu_get_page to link_shadow_page (Takuya Yoshikawa)
        [Orabug: 29967631] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move initialization of parent_ptes out
        from kvm_mmu_alloc_page (Takuya Yoshikawa) [Orabug:
        29967631] (CVE-2018-12207)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000966.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7baad653"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-124.32.3.2.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-124.32.3.2.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-1689D3FE07.NASL
    descriptionThe 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130919
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130919
    titleFedora 30 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-1689d3fe07)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-1689d3fe07.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130919);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135");
      script_xref(name:"FEDORA", value:"2019-1689d3fe07");
    
      script_name(english:"Fedora 30 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-1689d3fe07)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 5.3.11 stable kernel update contains a number of important
    security updates across the tree, including mitigations for the most
    recent hardware issues disclosed on Nov 12.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1689d3fe07"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:microcode_ctl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-12207", "CVE-2019-0117", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2019-1689d3fe07");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"microcode_ctl-2.1-33.fc30", epoch:"2")) flag++;
    if (rpm_check(release:"FC30", reference:"kernel-5.3.11-200.fc30")) flag++;
    if (rpm_check(release:"FC30", reference:"kernel-headers-5.3.11-200.fc30")) flag++;
    if (rpm_check(release:"FC30", reference:"kernel-tools-5.3.11-200.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:microcode_ctl / kernel / kernel-headers / kernel-tools");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1322.NASL
    descriptionA flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU
    last seen2020-06-01
    modified2020-06-02
    plugin id131242
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131242
    titleAmazon Linux AMI : kernel (ALAS-2019-1322)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1396.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.(CVE-2019-16230) - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.(CVE-2020-8647) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.(CVE-2020-8648) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.(CVE-2020-8649) - ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.(CVE-2020-8992) - An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383) - In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180) - A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896) - A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897) - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel
    last seen2020-05-06
    modified2020-04-15
    plugin id135525
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135525
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2510.NASL
    descriptionThis update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed : - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) - CVE-2019-11135: Expose taa-no
    last seen2020-06-01
    modified2020-06-02
    plugin id131064
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131064
    titleopenSUSE Security Update : qemu (openSUSE-2019-2510)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3835.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130927
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130927
    titleRHEL 7 : kernel-rt (RHSA-2019:3835)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0054.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=a3ec6768f487946b7316364bc9bd17ce4d752af5 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee - x86/vtx ept-shatter ... (Andrew Cooper) [Orabug: 30522238] (CVE-2018-12207) - x86: rename public functions in p2m-pt.c (Mukesh Rathor) [Orabug: 30522238] - Rename
    last seen2020-06-01
    modified2020-06-02
    plugin id131150
    published2019-11-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131150
    titleOracleVM 3.4 : xen (OVMSA-2019-0054)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2947-1.NASL
    descriptionThe SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130947
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130947
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2955-1.NASL
    descriptionThis update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. (CVE-2018-20126 bsc#1119991, CVE-2019-14378 bsc#1143794, and CVE-2019-15890 bsc#1149811 respectively) Security issues fixed : CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulation (bsc#1146873) CVE-2019-11135: Expose taa-no
    last seen2020-06-01
    modified2020-06-02
    plugin id130953
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130953
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-56.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-56 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could potentially gain privileges on the host system or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-04-01
    modified2020-03-27
    plugin id134964
    published2020-03-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134964
    titleGLSA-202003-56 : Xen: Multiple vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3836.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787) * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724) * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and
    last seen2020-06-01
    modified2020-06-02
    plugin id130928
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130928
    titleRHEL 6 : kernel (RHSA-2019:3836)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3837.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130929
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130929
    titleRHEL 7 : kernel (RHSA-2019:3837)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-376EC5C107.NASL
    descriptionadd missing XSA-299 patches ---- x86: Machine Check Error on Page Size Change DoS [XSA-304, CVE-2018-12207] TSX Asynchronous Abort speculative side channel [XSA-305, CVE-2019-11135] ---- VCPUOP_initialise DoS [XSA-296, CVE-2019-18420] missing descriptor table limit checking in x86 PV emulation [XSA-298, CVE-2019-18425] Issues with restartable PV type change operations [XSA-299, CVE-2019-18421] add-to-physmap can be abused to DoS Arm hosts [XSA-301, CVE-2019-18423] passed through PCI devices may corrupt host memory after deassignment [XSA-302, CVE-2019-18424] ARM: Interrupts are unconditionally unmasked in exception handlers [XSA-303, CVE-2019-18422] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131143
    published2019-11-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131143
    titleFedora 31 : xen (2019-376ec5c107)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4245.NASL
    descriptionAn update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix : * kpatch: hw: incomplete fix for CVE-2018-12207 (CVE-2019-19339) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id132230
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132230
    titleRHEL 8 : kpatch-patch (RHSA-2019:4245)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525237.NASL
    descriptionThe remote Windows host is missing security update 4525237. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1416) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397, CVE-2019-1398) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422) - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2019-1385)
    last seen2020-06-01
    modified2020-06-02
    plugin id130907
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130907
    titleKB4525237: Windows 10 Version 1803 November 2019 Security Update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0002_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207) - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. (CVE-2019-0154) - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-0155) - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135) - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. (CVE-2019-9500) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id133072
    published2020-01-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133072
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0002)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2506.NASL
    descriptionThis update for xen fixes the following issues : - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131060
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131060
    titleopenSUSE Security Update : xen (openSUSE-2019-2506)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4185-3.NASL
    descriptionUSN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131013
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131013
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-oem vulnerability and regression (USN-4185-3)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4837.NASL
    descriptionDescription of changes: [4.1.12-124.32.3.2.el7uek] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] {CVE-2019-11135} - x86/tsx: Add
    last seen2020-06-01
    modified2020-06-02
    plugin id130995
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130995
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4837)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4836.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id130994
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130994
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4836)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0056.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write (Shuning Zhang) [Orabug: 30036349] - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349] - SUNRPC: Remove xprt_connect_status (Trond Myklebust) [Orabug: 30165838] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838] - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] (CVE-2019-14835) - vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] (CVE-2019-14835) - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787] - array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787] - net: hsr: fix memory leak in hsr_dev_finalize (Mao Wenan) [Orabug: 30444853] (CVE-2019-16995) - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] (CVE-2019-17053) - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] (CVE-2019-17055) - net: sit: fix memory leak in sit_init_net (Mao Wenan) [Orabug: 30445305] (CVE-2019-16994) - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] (CVE-2019-15213) - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] (CVE-2019-15215) - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] (CVE-2019-15217) - target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766] - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766] - rds: Use correct conn when dropping connections due to cancel (H&aring kon Bugge) [Orabug: 30316058] - rds: ib: Optimize rds_ib_laddr_check (H&aring kon Bugge) [Orabug: 30327671] - rds: Bring loop-back peer down as well (H&aring kon Bugge) [Orabug: 30271704] - rds: ib: Avoid connect retry on loopback connections (H&aring kon Bugge) - rds: ib: Qualify CM REQ duplicate detection with connection being up (H&aring kon Bugge) [Orabug: 30062150] - rds: Further prioritize local loop-back connections (H&aring kon Bugge) - rds: Fix initial zero delay when queuing re-connect work (H&aring kon Bugge) - rds: Re-introduce separate work-queue for local connections (H&aring kon Bugge) [Orabug: 30062150] - rds: Re-factor and avoid superfluous queuing of shutdown work (H&aring kon Bugge) [Orabug: 29994551] - rds: ib: Flush ARP cache when connection attempt is rejected (H&aring kon Bugge) [Orabug: 29994550] - rds: ib: Fix incorrect setting of cp_reconnect_racing (H&aring kon Bugge) - RDMA/cma: Make # CM retries configurable (H&aring kon Bugge) [Orabug: 29994555] - rds: Re-factor and avoid superfluous queuing of reconnect work (H&aring kon Bugge) [Orabug: 29994558] - rds: ib: Correct the cm_id compare commit (H&aring kon Bugge) [Orabug: 29994560] - rds: Increase entropy in hashing (H&aring kon Bugge) [Orabug: 29994561] - rds: ib: Resurrect the CQs instead of delete+create (H&aring kon Bugge) - rds: Avoid queuing superfluous send and recv work (H&aring kon Bugge) - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] (CVE-2019-11135) - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135) - x86/tsx: Add
    last seen2020-06-01
    modified2020-06-02
    plugin id131208
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131208
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0056)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2508.NASL
    descriptionThis update for xen fixes the following issues : - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131062
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131062
    titleopenSUSE Security Update : xen (openSUSE-2019-2508)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4524570.NASL
    descriptionThe remote Windows host is missing security update 4524570. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2019-1430) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1397, CVE-2019-1398) - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1423) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1417) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1416) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422) - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2019-1385)
    last seen2020-06-01
    modified2020-06-02
    plugin id130902
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130902
    titleKB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4850.NASL
    descriptionDescription of changes: [4.1.12-124.33.4.el7uek] - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30036349] - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349] - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838] - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] {CVE-2019-14835} - vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] {CVE-2019-14835} - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787] - array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787] - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444853] {CVE-2019-16995} - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445305] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217} - target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766] - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766] [4.1.12-124.33.3.el7uek] - rds: Use correct conn when dropping connections due to cancel (H&aring kon Bugge) [Orabug: 30316058] - rds: ib: Optimize rds_ib_laddr_check (H&aring kon Bugge) [Orabug: 30327671] - rds: Bring loop-back peer down as well (H&aring kon Bugge) [Orabug: 30271704] - rds: ib: Avoid connect retry on loopback connections (H&aring kon Bugge) [Orabug: 30271704] - rds: ib: Qualify CM REQ duplicate detection with connection being up (H&aring kon Bugge) [Orabug: 30062150] - rds: Further prioritize local loop-back connections (H&aring kon Bugge) [Orabug: 30062150] - rds: Fix initial zero delay when queuing re-connect work (H&aring kon Bugge) [Orabug: 30062150] - rds: Re-introduce separate work-queue for local connections (H&aring kon Bugge) [Orabug: 30062150] - rds: Re-factor and avoid superfluous queuing of shutdown work (H&aring kon Bugge) [Orabug: 29994551] - rds: ib: Flush ARP cache when connection attempt is rejected (H&aring kon Bugge) [Orabug: 29994550] - rds: ib: Fix incorrect setting of cp_reconnect_racing (H&aring kon Bugge) [Orabug: 29994553] - RDMA/cma: Make # CM retries configurable (H&aring kon Bugge) [Orabug: 29994555] - rds: Re-factor and avoid superfluous queuing of reconnect work (H&aring kon Bugge) [Orabug: 29994558] - rds: ib: Correct the cm_id compare commit (H&aring kon Bugge) [Orabug: 29994560] - rds: Increase entropy in hashing (H&aring kon Bugge) [Orabug: 29994561] - rds: ib: Resurrect the CQs instead of delete+create (H&aring kon Bugge) [Orabug: 29994566] - rds: Avoid queuing superfluous send and recv work (H&aring kon Bugge) [Orabug: 29994564] [4.1.12-124.33.2.el7uek] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/tsx: Add
    last seen2020-06-01
    modified2020-06-02
    plugin id131174
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131174
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4850)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2019-0020.NASL
    descriptiona. Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC) Denial-of-Service vulnerability - CVE-2018-12207 VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for Machine Check Error on Page Size Change (MCEPSC). A malicious actor with local access to execute code in a virtual machine may be able to trigger a purple diagnostic screen or immediate reboot of the Hypervisor hosting the virtual machine, resulting in a denial-of-service condition. Because the mitigations for CVE-2018-12207 may have a performance impact they are not enabled by default. After applying patches, the mitigation can be enabled by following the instructions found in the article at https://kb.vmware.com/s/article/59139 . Performance impact data found in KB76050 should be reviewed prior to enabling this mitigation. b. Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA) Speculative-Execution vulnerability - CVE-2019-11135 VMware ESXi, Workstation, and Fusion patches include Hypervisor-Specific Mitigations for TSX Asynchronous Abort (TAA). A malicious actor with local access to execute code in a virtual machine may be able to infer data otherwise protected by architectural mechanisms from another virtual machine or the hypervisor itself. This vulnerability is only applicable to Hypervisors utilizing 2nd Generation Intel Xeon Scalable Processors (formerly known as Cascade Lake) microarchitecture.
    last seen2020-06-01
    modified2020-06-02
    plugin id131018
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131018
    titleVMSA-2019-0020 : Hypervisor-Specific Mitigations for Denial-of-Service and Speculative-Execution Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2954-1.NASL
    descriptionThis update for qemu fixes the following issues : Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) Expose taa-no
    last seen2020-06-01
    modified2020-06-02
    plugin id130952
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130952
    titleSUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2954-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2960-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130958
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130958
    titleSUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2960-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1366.NASL
    descriptionA flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU
    last seen2020-06-01
    modified2020-06-02
    plugin id131235
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131235
    titleAmazon Linux 2 : kernel (ALAS-2019-1366)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4183-2.NASL
    descriptionUSN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131011
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131011
    titleUbuntu 19.10 : linux vulnerability (USN-4183-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4186-3.NASL
    descriptionUSN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-11-14
    plugin id131014
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131014
    titleUbuntu 16.04 LTS : linux vulnerability (USN-4186-3)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0021_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805) - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207) - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (CVE-2018-17972) - In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. (CVE-2018-9568) - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. (CVE-2019-0154) - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-0155) - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135) - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka
    last seen2020-03-18
    modified2020-03-08
    plugin id134312
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134312
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3297-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm (bsc#1158003 XSA-307). CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 (bsc#1158003 XSA-307). CVE-2019-19583: Fixed improper checks which could have allowed HVM/PVH guest userspace code to crash the guest,leading to a guest denial of service (bsc#1158004 XSA-308). CVE-2019-19578: Fixed an issue where a malicious or buggy PV guest could have caused hypervisor crash resulting in denial of service affecting the entire host (bsc#1158005 XSA-309). CVE-2019-19580: Fixed a privilege escalation where a malicious PV guest administrator could have been able to escalate their privilege to that of the host (bsc#1158006 XSA-310). CVE-2019-19577: Fixed an issue where a malicious guest administrator could have caused Xen to access data structures while they are being modified leading to a crash (bsc#1158007 XSA-311). CVE-2019-19579: Fixed a privilege escaltion where an untrusted domain with access to a physical device can DMA into host memory (bsc#1157888 XSA-306). CVE-2019-18420: Malicious x86 PV guests may have caused a hypervisor crash, resulting in a denial of service (bsc#1154448 XSA-296) CVE-2019-18425: 32-bit PV guest user mode could elevate its privileges to that of the guest kernel. (bsc#1154456 XSA-298). CVE-2019-18421: A malicious PV guest administrator may have been able to escalate their privilege to that of the host. (bsc#1154458 XSA-299). CVE-2019-18423: A malicious guest administrator may cause a hypervisor crash, resulting in a denial of service (bsc#1154460 XSA-301). CVE-2019-18422: A malicious ARM guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified. (bsc#1154464 XSA-303) CVE-2019-18424: An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. (bsc#1154461 XSA-302). CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945 XSA-304) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id132073
    published2019-12-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132073
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2019:3297-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4184-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130964
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130964
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4184-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0093-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-20095: mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory. This will cause a memory leak and denial of service (bnc#1159909). CVE-2019-20054: Fixed a a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where the length of variable elements in a beacon head were not checked, leading to a buffer overflow (bnc#1152107). CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827). CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904). CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834). CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304). CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032). CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045). CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157049). CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157046). CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). CVE-2019-0155: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135967). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). CVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access (bnc#1139073). CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457). CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may have allowed an authenticated user to potentially enable denial of service of the host system via local access (bnc#1117665). CVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists (bnc#1144903). CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (bnc#1154372). CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id132925
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132925
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3839.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130931
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130931
    titleRHEL 7 : kernel (RHSA-2019:3839)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2962-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130960
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130960
    titleSUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:2962-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3295-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448). CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782). CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id132071
    published2019-12-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132071
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-68D7F68507.NASL
    descriptionThe 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130920
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130920
    titleFedora 31 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-68d7f68507)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0204.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705)
    last seen2020-06-01
    modified2020-06-02
    plugin id133221
    published2020-01-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133221
    titleRHEL 8 : kernel (RHSA-2020:0204)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1990.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Machine Check Error (MCE) and denial of service (hang or crash). The guest triggers this error by changing page tables without a TLB flush, so that both 4 KB and 2 MB entries for the same virtual address are loaded into the instruction TLB (iTLB). This update implements a mitigation in KVM that prevents guest VMs from loading 2 MB entries into the iTLB. This will reduce performance of guest VMs. Further information on the mitigation can be found at <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/ multihit.html> or in the linux-doc-4.9 package. Intel
    last seen2020-06-01
    modified2020-06-02
    plugin id130979
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130979
    titleDebian DLA-1990-1 : linux-4.9 security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2984-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131120
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131120
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3840.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130932
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130932
    titleRHEL 7 : kernel (RHSA-2019:3840)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0388-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2018-12207: Fixed a race condition where untrusted virtual machines could have been using the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional (bsc#1155945 XSA-304). CVE-2018-19965: Fixed a DoS from attempting to use INVPCID with a non-canonical addresses (bsc#1115045 XSA-279). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate side-channel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-03-18
    modified2020-02-18
    plugin id133763
    published2020-02-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133763
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2020:0388-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_EDC0BF7E05A111EA9DFAF8B156AC3FF9.NASL
    descriptionIntel discovered a previously published erratum on some Intel platforms can be exploited by malicious software to potentially cause a denial of service by triggering a machine check that will crash or hang the system. Malicious guest operating systems may be able to crash the host.
    last seen2020-06-01
    modified2020-06-02
    plugin id131296
    published2019-11-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131296
    titleFreeBSD : FreeBSD -- Machine Check Exception on Page Size Change (edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2953-1.NASL
    descriptionThe SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505 1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130951
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130951
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3834.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130926
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130926
    titleRHEL 7 : kernel (RHSA-2019:3834)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4184-2.NASL
    descriptionUSN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131012
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131012
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-hwe, linux-oem-osp1 vulnerability and regression (USN-4184-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3843.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130935
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130935
    titleRHEL 6 : kernel (RHSA-2019:3843)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4602.NASL
    descriptionMultiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks. In addition this update provides mitigations for the
    last seen2020-06-01
    modified2020-06-02
    plugin id132875
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132875
    titleDebian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0334-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host (bsc#1161181). CVE-2019-19579: Device quarantine for alternate pci assignment methods (bsc#1157888). CVE-2019-19581: find_next_bit() issues (bsc#1158003). CVE-2019-19583: VMentry failure with debug exceptions and blocked states (bsc#1158004). CVE-2019-19578: Linear pagetable use / entry miscounts (bsc#1158005). CVE-2019-19580: Further issues with restartable PV type change operations (bsc#1158006). CVE-2019-19577: dynamic height for the IOMMU pagetables (bsc#1158007). CVE-2019-18420: VCPUOP_initialise DoS (bsc#1154448). CVE-2019-18425: missing descriptor table limit checking in x86 PV emulation (bsc#1154456). CVE-2019-18421: Issues with restartable PV type change operations (bsc#1154458). CVE-2019-18424: passed through PCI devices may corrupt host memory after deassignment (bsc#1154461). CVE-2018-12207: Machine Check Error Avoidance on Page Size Change (aka IFU issue) (bsc#1155945). CVE-2019-11135: TSX Asynchronous Abort (TAA) issue (bsc#1152497). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133539
    published2020-02-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133539
    titleSUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3340-1.NASL
    descriptionThis update for spectre-meltdown-checker fixes the following issues : version 0.43 - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don
    last seen2020-06-01
    modified2020-06-02
    plugin id132334
    published2019-12-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132334
    titleSUSE SLES12 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3340-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-7A3FC17778.NASL
    descriptionThe 5.3.11 stable kernel update contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. ---- The 5.3.9 update contains a number of important fixes across the tree ---- Update to upstream 2.1-22. 20190618 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130989
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130989
    titleFedora 29 : 2:microcode_ctl / kernel / kernel-headers / kernel-tools (2019-7a3fc17778)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132499
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132499
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525232.NASL
    descriptionThe remote Windows host is missing security update 4525232. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-1389, CVE-2019-1397) - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1434) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
    last seen2020-06-01
    modified2020-06-02
    plugin id130903
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130903
    titleKB4525232: Windows 10 November 2019 Security Update
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525243.NASL
    descriptionThe remote Windows host is missing security update 4525250 or cumulative update 4525243. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397) - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411, CVE-2019-1432) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1434) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
    last seen2020-06-01
    modified2020-06-02
    plugin id130909
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130909
    titleKB4525250: Windows 8.1 and Windows Server 2012 R2 November 2019 Security Update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191113_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) - hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2019-11-14
    plugin id131007
    published2019-11-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131007
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20191113)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3348-1.NASL
    descriptionThis update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don
    last seen2020-06-01
    modified2020-06-02
    plugin id132337
    published2019-12-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132337
    titleSUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3348-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3833.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130925
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130925
    titleRHEL 8 : kernel-rt (RHSA-2019:3833)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3842.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130934
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130934
    titleRHEL 6 : kernel (RHSA-2019:3842)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2507.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: drivers/net/fjes/fjes_main.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21 (bnc#1152782). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131061
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131061
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2507)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525235.NASL
    descriptionThe remote Windows host is missing security update 4525233 or cumulative update 4525235. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397) - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411, CVE-2019-1432) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1434) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1441) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
    last seen2020-06-01
    modified2020-06-02
    plugin id130905
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130905
    titleKB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2961-1.NASL
    descriptionThis update for xen fixes the following issues : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. (bsc#1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130959
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130959
    titleSUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2019:2961-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132490
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132490
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3834.NASL
    descriptionFrom Red Hat Security Advisory 2019:3834 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131110
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131110
    titleOracle Linux 7 : kernel (ELSA-2019-3834)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4185-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130965
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130965
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4185-1)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4523205.NASL
    descriptionThe remote Windows host is missing security update 4523205. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1416) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1397, CVE-2019-1398) - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CCVE-2019-0721) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309, CVE-2019-1310) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1379, CVE-2019-1383, CVE-2019-1417) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1433, CVE-2019-1435, CVE-2019-1437, CVE-2019-1438) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422) - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2019-1385)
    last seen2020-06-01
    modified2020-06-02
    plugin id130901
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130901
    titleKB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2949-1.NASL
    descriptionThe SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130949
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130949
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3844.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130998
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130998
    titleRHEL 6 : MRG (RHSA-2019:3844)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2710.NASL
    descriptionThis update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection (CVE-2019-11135 bsc#1139073) - feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207 bsc#1117665) - feat: taa: add TSX_CTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub repo and MCEdb to build our firmware version database - feat: use --live with --kernel/--config/--map to override file detection in live mode - enh: rework the vuln logic of MDS with --paranoid (fixes #307) - enh: explain that Enhanced IBRS is better for performance than classic IBRS - enh: kernel: autodetect customized arch kernels from cmdline - enh: kernel decompression: better tolerance against missing tools - enh: mock: implement reading from /proc/cmdline - fix: variant3a: Silvermont CPUs are not vulnerable to variant 3a - fix: lockdown: detect Red Hat locked down kernels (impacts MSR writes) - fix: lockdown: detect locked down mode in vanilla 5.4+ kernels - fix: sgx: on locked down kernels, fallback to CPUID bit for detection - fix: fwdb: builtin version takes precedence if the local cached version is older - fix: pteinv: don
    last seen2020-06-01
    modified2020-06-02
    plugin id132516
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132516
    titleopenSUSE Security Update : spectre-meltdown-checker (openSUSE-2019-2710)
  • NASL familyMisc.
    NASL idXEN_SERVER_XSA-304.NASL
    descriptionAccording to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service vulnerability. An erratum exists across some CPUs whereby an instruction fetch may cause a machine check error if the pagetables have been updated in a specific manner without invalidating the TLB. The x86 architecture explicitly permits modification of the pagetables without TLB invalidation, but in this corner case, the impacted core ceases operating and an unexpected machine check or system reset occurs. This corner case can be triggered by guest kernels.
    last seen2020-03-18
    modified2020-03-02
    plugin id134172
    published2020-03-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134172
    titleXen Denial of Service vulnerability (XSA-304)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2948-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130948
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130948
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2948-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0028.NASL
    descriptionAn update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id132687
    published2020-01-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132687
    titleRHEL 7 : kpatch-patch (RHSA-2020:0028)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3838.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130930
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130930
    titleRHEL 7 : kernel (RHSA-2019:3838)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3832.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130924
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130924
    titleRHEL 8 : kernel (RHSA-2019:3832)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-3836.NASL
    descriptionFrom Red Hat Security Advisory 2019:3836 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787) * kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724) * Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and
    last seen2020-06-01
    modified2020-06-02
    plugin id130993
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130993
    titleOracle Linux 6 : kernel (ELSA-2019-3836)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3841.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130933
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130933
    titleRHEL 7 : kernel (RHSA-2019:3841)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3860.NASL
    descriptionAn update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id130999
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130999
    titleRHEL 7 : Virtualization Manager (RHSA-2019:3860)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191113_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) - hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) - Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) - hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : - [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787) - kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724) - Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and
    last seen2020-03-18
    modified2019-11-14
    plugin id131006
    published2019-11-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131006
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20191113)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2503.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-0154: An unprotected read access to i915 registers has been fixed that could have been abused to facilitate a local denial-of-service attack. (bsc#1135966) - CVE-2019-0155: A privilege escalation vulnerability has been fixed in the i915 module that allowed batch buffers from user mode to gain super user privileges. (bsc#1135967) - CVE-2019-16231: drivers/net/fjes/fjes_main.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). - CVE-2019-18805: There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6 (bnc#1156187). - CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21 (bnc#1152782). - CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c, if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). - CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131057
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131057
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2503)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2505.NASL
    descriptionThis update for qemu fixes the following issues : - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp (CVE-2018-20126 bsc#1119991) - Fix potential DOS in lsi scsi controller emulation (CVE-2019-12068 bsc#1146873) - Expose taa-no
    last seen2020-06-01
    modified2020-06-02
    plugin id131059
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131059
    titleopenSUSE Security Update : qemu (openSUSE-2019-2505)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4564.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. - CVE-2018-12207 It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Machine Check Error (MCE) and denial of service (hang or crash). The guest triggers this error by changing page tables without a TLB flush, so that both 4 KB and 2 MB entries for the same virtual address are loaded into the instruction TLB (iTLB). This update implements a mitigation in KVM that prevents guest VMs from loading 2 MB entries into the iTLB. This will reduce performance of guest VMs. Further information on the mitigation can be found at or in the linux-doc-4.9 or linux-doc-4.19 package. A qemu update adding support for the PSCHANGE_MC_NO feature, which allows to disable iTLB Multihit mitigations in nested hypervisors will be provided via DSA 4566-1. Intel
    last seen2020-06-01
    modified2020-06-02
    plugin id130982
    published2019-11-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130982
    titleDebian DSA-4564-1 : linux - security update
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525241.NASL
    descriptionThe remote Windows host is missing security update 4525241. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1416) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1324) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712, CVE-2019-1309) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719, CVE-2019-0721) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397, CVE-2019-1398) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436, CVE-2019-1440) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422) - An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. (CVE-2019-1385)
    last seen2020-05-31
    modified2019-11-12
    plugin id130908
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130908
    titleKB4525241: Windows 10 Version 1709 November 2019 Security Update
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525246.NASL
    descriptionThe remote Windows host is missing security update 4525253 or cumulative update 4525246. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397) - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411, CVE-2019-1432) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1434) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2019-1412) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1392) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
    last seen2020-06-01
    modified2020-06-02
    plugin id130910
    published2019-11-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130910
    titleKB4525253: Windows Server 2012 November 2019 Security Update
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_NOV_4525236.NASL
    descriptionThe remote Windows host is missing security update 4525236. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-0719) - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. (CVE-2019-1389, CVE-2019-1397) - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission. (CVE-2019-1424) - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-11135) - An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1374) - An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. (CVE-2019-1388) - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted. The security update addresses the vulnerability by ensuring splwow64.exe properly handles these calls.. (CVE-2019-1380) - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1429) - A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. (CVE-2019-1384) - An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2019-1407, CVE-2019-1433, CVE-2019-1435, CVE-2019-1438) - An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. (CVE-2019-1418) - An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. (CVE-2019-1454) - A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. (CVE-2019-0712) - A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2018-12207, CVE-2019-1391) - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408) - An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. (CVE-2019-1415) - An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory. (CVE-2019-1411) - An information disclosure vulnerability exists when the Windows Servicing Stack allows access to unprivileged file locations. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1381) - A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2019-1390) - An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2019-1436) - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. (CVE-2019-1439) - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. (CVE-2019-1406) - An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1405) - A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. (CVE-2019-1419, CVE-2019-1456) - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2019-1399) - An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the victim system. The update addresses the vulnerability by correcting the way the Windows Data Sharing Service handles file operations. (CVE-2019-1383, CVE-2019-1417) - An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files. (CVE-2019-1382) - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2019-1409) - An elevation of privilege vulnerability exists in the way that the dssvc.dll handles file creation allowing for a file overwrite or creation in a secured location. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1420) - An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2019-1422)
    last seen2020-06-01
    modified2020-06-02
    plugin id130906
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130906
    titleKB4525236: Windows 10 Version 1607 and Windows Server 2016 November 2019 Security Update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-3834.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131032
    published2019-11-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131032
    titleCentOS 7 : kernel (CESA-2019:3834)

Redhat

advisories
  • rhsa
    idRHSA-2019:3916
  • rhsa
    idRHSA-2019:3936
  • rhsa
    idRHSA-2019:3941
  • rhsa
    idRHSA-2020:0026
  • rhsa
    idRHSA-2020:0028
  • rhsa
    idRHSA-2020:0204
rpms
  • bpftool-0:4.18.0-147.0.2.el8_1
  • bpftool-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-0:4.18.0-147.0.2.el8_1
  • kernel-abi-whitelists-0:4.18.0-147.0.2.el8_1
  • kernel-core-0:4.18.0-147.0.2.el8_1
  • kernel-cross-headers-0:4.18.0-147.0.2.el8_1
  • kernel-debug-0:4.18.0-147.0.2.el8_1
  • kernel-debug-core-0:4.18.0-147.0.2.el8_1
  • kernel-debug-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-debug-devel-0:4.18.0-147.0.2.el8_1
  • kernel-debug-modules-0:4.18.0-147.0.2.el8_1
  • kernel-debug-modules-extra-0:4.18.0-147.0.2.el8_1
  • kernel-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.0.2.el8_1
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.0.2.el8_1
  • kernel-debuginfo-common-s390x-0:4.18.0-147.0.2.el8_1
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.0.2.el8_1
  • kernel-devel-0:4.18.0-147.0.2.el8_1
  • kernel-doc-0:4.18.0-147.0.2.el8_1
  • kernel-headers-0:4.18.0-147.0.2.el8_1
  • kernel-modules-0:4.18.0-147.0.2.el8_1
  • kernel-modules-extra-0:4.18.0-147.0.2.el8_1
  • kernel-tools-0:4.18.0-147.0.2.el8_1
  • kernel-tools-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-tools-libs-0:4.18.0-147.0.2.el8_1
  • kernel-tools-libs-devel-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-core-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-devel-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-modules-0:4.18.0-147.0.2.el8_1
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.0.2.el8_1
  • perf-0:4.18.0-147.0.2.el8_1
  • perf-debuginfo-0:4.18.0-147.0.2.el8_1
  • python3-perf-0:4.18.0-147.0.2.el8_1
  • python3-perf-debuginfo-0:4.18.0-147.0.2.el8_1
  • kernel-rt-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-core-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-core-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-debuginfo-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-devel-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-kvm-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-modules-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debug-modules-extra-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debuginfo-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-devel-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-kvm-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-modules-0:4.18.0-147.0.2.rt24.94.el8_1
  • kernel-rt-modules-extra-0:4.18.0-147.0.2.rt24.94.el8_1
  • bpftool-0:3.10.0-1062.4.2.el7
  • bpftool-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-0:3.10.0-1062.4.2.el7
  • kernel-abi-whitelists-0:3.10.0-1062.4.2.el7
  • kernel-bootwrapper-0:3.10.0-1062.4.2.el7
  • kernel-debug-0:3.10.0-1062.4.2.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-debug-devel-0:3.10.0-1062.4.2.el7
  • kernel-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.4.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.4.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.4.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.4.2.el7
  • kernel-devel-0:3.10.0-1062.4.2.el7
  • kernel-doc-0:3.10.0-1062.4.2.el7
  • kernel-headers-0:3.10.0-1062.4.2.el7
  • kernel-kdump-0:3.10.0-1062.4.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-kdump-devel-0:3.10.0-1062.4.2.el7
  • kernel-tools-0:3.10.0-1062.4.2.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-tools-libs-0:3.10.0-1062.4.2.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.4.2.el7
  • perf-0:3.10.0-1062.4.2.el7
  • perf-debuginfo-0:3.10.0-1062.4.2.el7
  • python-perf-0:3.10.0-1062.4.2.el7
  • python-perf-debuginfo-0:3.10.0-1062.4.2.el7
  • kernel-rt-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debug-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-devel-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-doc-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-kvm-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-trace-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.4.2.rt56.1028.el7
  • kernel-0:2.6.32-754.24.2.el6
  • kernel-abi-whitelists-0:2.6.32-754.24.2.el6
  • kernel-bootwrapper-0:2.6.32-754.24.2.el6
  • kernel-debug-0:2.6.32-754.24.2.el6
  • kernel-debug-debuginfo-0:2.6.32-754.24.2.el6
  • kernel-debug-devel-0:2.6.32-754.24.2.el6
  • kernel-debuginfo-0:2.6.32-754.24.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.24.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.24.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.24.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.24.2.el6
  • kernel-devel-0:2.6.32-754.24.2.el6
  • kernel-doc-0:2.6.32-754.24.2.el6
  • kernel-firmware-0:2.6.32-754.24.2.el6
  • kernel-headers-0:2.6.32-754.24.2.el6
  • kernel-kdump-0:2.6.32-754.24.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.24.2.el6
  • kernel-kdump-devel-0:2.6.32-754.24.2.el6
  • perf-0:2.6.32-754.24.2.el6
  • perf-debuginfo-0:2.6.32-754.24.2.el6
  • python-perf-0:2.6.32-754.24.2.el6
  • python-perf-debuginfo-0:2.6.32-754.24.2.el6
  • bpftool-0:3.10.0-957.38.2.el7
  • kernel-0:3.10.0-957.38.2.el7
  • kernel-abi-whitelists-0:3.10.0-957.38.2.el7
  • kernel-bootwrapper-0:3.10.0-957.38.2.el7
  • kernel-debug-0:3.10.0-957.38.2.el7
  • kernel-debug-debuginfo-0:3.10.0-957.38.2.el7
  • kernel-debug-devel-0:3.10.0-957.38.2.el7
  • kernel-debuginfo-0:3.10.0-957.38.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.38.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.38.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.38.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.38.2.el7
  • kernel-devel-0:3.10.0-957.38.2.el7
  • kernel-doc-0:3.10.0-957.38.2.el7
  • kernel-headers-0:3.10.0-957.38.2.el7
  • kernel-kdump-0:3.10.0-957.38.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.38.2.el7
  • kernel-kdump-devel-0:3.10.0-957.38.2.el7
  • kernel-tools-0:3.10.0-957.38.2.el7
  • kernel-tools-debuginfo-0:3.10.0-957.38.2.el7
  • kernel-tools-libs-0:3.10.0-957.38.2.el7
  • kernel-tools-libs-devel-0:3.10.0-957.38.2.el7
  • perf-0:3.10.0-957.38.2.el7
  • perf-debuginfo-0:3.10.0-957.38.2.el7
  • python-perf-0:3.10.0-957.38.2.el7
  • python-perf-debuginfo-0:3.10.0-957.38.2.el7
  • kernel-0:3.10.0-862.43.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.43.2.el7
  • kernel-bootwrapper-0:3.10.0-862.43.2.el7
  • kernel-debug-0:3.10.0-862.43.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.43.2.el7
  • kernel-debug-devel-0:3.10.0-862.43.2.el7
  • kernel-debuginfo-0:3.10.0-862.43.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.43.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.43.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.43.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.43.2.el7
  • kernel-devel-0:3.10.0-862.43.2.el7
  • kernel-doc-0:3.10.0-862.43.2.el7
  • kernel-headers-0:3.10.0-862.43.2.el7
  • kernel-kdump-0:3.10.0-862.43.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.43.2.el7
  • kernel-kdump-devel-0:3.10.0-862.43.2.el7
  • kernel-tools-0:3.10.0-862.43.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.43.2.el7
  • kernel-tools-libs-0:3.10.0-862.43.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.43.2.el7
  • perf-0:3.10.0-862.43.2.el7
  • perf-debuginfo-0:3.10.0-862.43.2.el7
  • python-perf-0:3.10.0-862.43.2.el7
  • python-perf-debuginfo-0:3.10.0-862.43.2.el7
  • kernel-0:3.10.0-693.60.2.el7
  • kernel-abi-whitelists-0:3.10.0-693.60.2.el7
  • kernel-bootwrapper-0:3.10.0-693.60.2.el7
  • kernel-debug-0:3.10.0-693.60.2.el7
  • kernel-debug-debuginfo-0:3.10.0-693.60.2.el7
  • kernel-debug-devel-0:3.10.0-693.60.2.el7
  • kernel-debuginfo-0:3.10.0-693.60.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.60.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.60.2.el7
  • kernel-devel-0:3.10.0-693.60.2.el7
  • kernel-doc-0:3.10.0-693.60.2.el7
  • kernel-headers-0:3.10.0-693.60.2.el7
  • kernel-tools-0:3.10.0-693.60.2.el7
  • kernel-tools-debuginfo-0:3.10.0-693.60.2.el7
  • kernel-tools-libs-0:3.10.0-693.60.2.el7
  • kernel-tools-libs-devel-0:3.10.0-693.60.2.el7
  • perf-0:3.10.0-693.60.2.el7
  • perf-debuginfo-0:3.10.0-693.60.2.el7
  • python-perf-0:3.10.0-693.60.2.el7
  • python-perf-debuginfo-0:3.10.0-693.60.2.el7
  • kernel-0:3.10.0-514.70.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.70.2.el7
  • kernel-bootwrapper-0:3.10.0-514.70.2.el7
  • kernel-debug-0:3.10.0-514.70.2.el7
  • kernel-debug-debuginfo-0:3.10.0-514.70.2.el7
  • kernel-debug-devel-0:3.10.0-514.70.2.el7
  • kernel-debuginfo-0:3.10.0-514.70.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.70.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.70.2.el7
  • kernel-devel-0:3.10.0-514.70.2.el7
  • kernel-doc-0:3.10.0-514.70.2.el7
  • kernel-headers-0:3.10.0-514.70.2.el7
  • kernel-tools-0:3.10.0-514.70.2.el7
  • kernel-tools-debuginfo-0:3.10.0-514.70.2.el7
  • kernel-tools-libs-0:3.10.0-514.70.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.70.2.el7
  • perf-0:3.10.0-514.70.2.el7
  • perf-debuginfo-0:3.10.0-514.70.2.el7
  • python-perf-0:3.10.0-514.70.2.el7
  • python-perf-debuginfo-0:3.10.0-514.70.2.el7
  • kernel-0:3.10.0-327.82.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.82.2.el7
  • kernel-debug-0:3.10.0-327.82.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.82.2.el7
  • kernel-debug-devel-0:3.10.0-327.82.2.el7
  • kernel-debuginfo-0:3.10.0-327.82.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.82.2.el7
  • kernel-devel-0:3.10.0-327.82.2.el7
  • kernel-doc-0:3.10.0-327.82.2.el7
  • kernel-headers-0:3.10.0-327.82.2.el7
  • kernel-tools-0:3.10.0-327.82.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.82.2.el7
  • kernel-tools-libs-0:3.10.0-327.82.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.82.2.el7
  • perf-0:3.10.0-327.82.2.el7
  • perf-debuginfo-0:3.10.0-327.82.2.el7
  • python-perf-0:3.10.0-327.82.2.el7
  • python-perf-debuginfo-0:3.10.0-327.82.2.el7
  • kernel-0:2.6.32-504.81.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.81.3.el6
  • kernel-debug-0:2.6.32-504.81.3.el6
  • kernel-debug-debuginfo-0:2.6.32-504.81.3.el6
  • kernel-debug-devel-0:2.6.32-504.81.3.el6
  • kernel-debuginfo-0:2.6.32-504.81.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.81.3.el6
  • kernel-devel-0:2.6.32-504.81.3.el6
  • kernel-doc-0:2.6.32-504.81.3.el6
  • kernel-firmware-0:2.6.32-504.81.3.el6
  • kernel-headers-0:2.6.32-504.81.3.el6
  • perf-0:2.6.32-504.81.3.el6
  • perf-debuginfo-0:2.6.32-504.81.3.el6
  • python-perf-0:2.6.32-504.81.3.el6
  • python-perf-debuginfo-0:2.6.32-504.81.3.el6
  • kernel-0:2.6.32-431.96.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.96.3.el6
  • kernel-debug-0:2.6.32-431.96.3.el6
  • kernel-debug-debuginfo-0:2.6.32-431.96.3.el6
  • kernel-debug-devel-0:2.6.32-431.96.3.el6
  • kernel-debuginfo-0:2.6.32-431.96.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.96.3.el6
  • kernel-devel-0:2.6.32-431.96.3.el6
  • kernel-doc-0:2.6.32-431.96.3.el6
  • kernel-firmware-0:2.6.32-431.96.3.el6
  • kernel-headers-0:2.6.32-431.96.3.el6
  • perf-0:2.6.32-431.96.3.el6
  • perf-debuginfo-0:2.6.32-431.96.3.el6
  • python-perf-0:2.6.32-431.96.3.el6
  • python-perf-debuginfo-0:2.6.32-431.96.3.el6
  • kernel-rt-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-debug-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-devel-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-doc-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-firmware-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-trace-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.60.2.rt56.655.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.60.2.rt56.655.el6rt
  • redhat-release-virtualization-host-0:4.2-16.1.el7
  • redhat-release-virtualization-host-0:4.3.6-5.el7ev
  • redhat-release-virtualization-host-content-0:4.2-16.1.el7
  • redhat-virtualization-host-image-update-0:4.2-20191107.0.el7_6
  • redhat-virtualization-host-image-update-0:4.3.6-20191108.0.el7_7
  • redhat-virtualization-host-image-update-placeholder-0:4.2-16.1.el7
  • redhat-virtualization-host-image-update-placeholder-0:4.3.6-5.el7ev
  • kpatch-patch-4_18_0-147-0:1-3.el8_1
  • kpatch-patch-4_18_0-147-debuginfo-0:1-3.el8_1
  • kpatch-patch-4_18_0-147-debugsource-0:1-3.el8_1
  • kpatch-patch-3_10_0-957_35_1-0:1-5.el7
  • kpatch-patch-3_10_0-957_35_1-debuginfo-0:1-5.el7
  • kpatch-patch-3_10_0-957_35_2-0:1-4.el7
  • kpatch-patch-3_10_0-957_35_2-debuginfo-0:1-4.el7
  • kpatch-patch-3_10_0-957_38_1-0:1-3.el7
  • kpatch-patch-3_10_0-957_38_1-debuginfo-0:1-3.el7
  • kpatch-patch-3_10_0-1062-0:1-9.el7
  • kpatch-patch-3_10_0-1062-debuginfo-0:1-9.el7
  • kpatch-patch-3_10_0-1062_1_1-0:1-8.el7
  • kpatch-patch-3_10_0-1062_1_1-debuginfo-0:1-8.el7
  • kpatch-patch-3_10_0-1062_1_2-0:1-7.el7
  • kpatch-patch-3_10_0-1062_1_2-debuginfo-0:1-7.el7
  • kpatch-patch-3_10_0-1062_4_1-0:1-4.el7
  • kpatch-patch-3_10_0-1062_4_1-debuginfo-0:1-4.el7
  • bpftool-0:4.18.0-80.15.1.el8_0
  • bpftool-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-0:4.18.0-80.15.1.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.15.1.el8_0
  • kernel-core-0:4.18.0-80.15.1.el8_0
  • kernel-cross-headers-0:4.18.0-80.15.1.el8_0
  • kernel-debug-0:4.18.0-80.15.1.el8_0
  • kernel-debug-core-0:4.18.0-80.15.1.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-debug-devel-0:4.18.0-80.15.1.el8_0
  • kernel-debug-modules-0:4.18.0-80.15.1.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.15.1.el8_0
  • kernel-devel-0:4.18.0-80.15.1.el8_0
  • kernel-doc-0:4.18.0-80.15.1.el8_0
  • kernel-headers-0:4.18.0-80.15.1.el8_0
  • kernel-modules-0:4.18.0-80.15.1.el8_0
  • kernel-modules-extra-0:4.18.0-80.15.1.el8_0
  • kernel-tools-0:4.18.0-80.15.1.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-tools-libs-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.15.1.el8_0
  • perf-0:4.18.0-80.15.1.el8_0
  • perf-debuginfo-0:4.18.0-80.15.1.el8_0
  • python3-perf-0:4.18.0-80.15.1.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.15.1.el8_0

References