Vulnerabilities > CVE-2018-13096 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
debian
canonical
opensuse
CWE-787
nessus

Summary

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

Vulnerable Configurations

Part Description Count
OS
Linux
2933
OS
Debian
1
OS
Canonical
4
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4118-1.NASL
    descriptionIt was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id128478
    published2019-09-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128478
    titleUbuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4118-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128478);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/24 11:30:51");
    
      script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
      script_xref(name:"USN", value:"4118-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the alarmtimer implementation in the Linux
    kernel contained an integer overflow vulnerability. A local attacker
    could use this to cause a denial of service. (CVE-2018-13053)
    
    Wen Xu discovered that the XFS filesystem implementation in the Linux
    kernel did not properly track inode validations. An attacker could use
    this to construct a malicious XFS image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13093)
    
    Wen Xu discovered that the f2fs file system implementation in the
    Linux kernel did not properly validate metadata. An attacker could use
    this to construct a malicious f2fs image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13096,
    CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100,
    CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)
    
    Wen Xu and Po-Ning Tseng discovered that btrfs file system
    implementation in the Linux kernel did not properly validate metadata.
    An attacker could use this to construct a malicious btrfs image that,
    when mounted, could cause a denial of service (system crash).
    (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,
    CVE-2018-14613)
    
    Wen Xu discovered that the HFS+ filesystem implementation in the Linux
    kernel did not properly handle malformed catalog data in some
    situations. An attacker could use this to construct a malicious HFS+
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-14617)
    
    Vasily Averin and Pavel Tikhomirov discovered that the cleancache
    subsystem of the Linux kernel did not properly initialize new files in
    some situations. A local attacker could use this to expose sensitive
    information. (CVE-2018-16862)
    
    Hui Peng and Mathias Payer discovered that the Option USB High Speed
    driver in the Linux kernel did not properly validate metadata received
    from the device. A physically proximate attacker could use this to
    cause a denial of service (system crash). (CVE-2018-19985)
    
    Hui Peng and Mathias Payer discovered that the USB subsystem in the
    Linux kernel did not properly handle size checks when handling an
    extra USB descriptor. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2018-20169)
    
    Zhipeng Xie discovered that an infinite loop could triggered in the
    CFS Linux kernel process scheduler. A local attacker could possibly
    use this to cause a denial of service. (CVE-2018-20784)
    
    It was discovered that a use-after-free error existed in the block
    layer subsystem of the Linux kernel when certain failure conditions
    occurred. A local attacker could possibly use this to cause a denial
    of service (system crash) or possibly execute arbitrary code.
    (CVE-2018-20856)
    
    Eli Biham and Lior Neumann discovered that the Bluetooth
    implementation in the Linux kernel did not properly validate elliptic
    curve parameters during Diffie-Hellman key exchange in some
    situations. An attacker could use this to expose sensitive
    information. (CVE-2018-5383)
    
    It was discovered that the Intel wifi device driver in the Linux
    kernel did not properly validate certain Tunneled Direct Link Setup
    (TDLS). A physically proximate attacker could use this to cause a
    denial of service (wifi disconnect). (CVE-2019-0136)
    
    It was discovered that a heap buffer overflow existed in the Marvell
    Wireless LAN device driver for the Linux kernel. An attacker could use
    this to cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2019-10126)
    
    It was discovered that the Bluetooth UART implementation in the Linux
    kernel did not properly check for missing tty operations. A local
    attacker could use this to cause a denial of service. (CVE-2019-10207)
    
    Amit Klein and Benny Pinkas discovered that the Linux kernel did not
    sufficiently randomize IP ID values generated for connectionless
    networking protocols. A remote attacker could use this to track
    particular Linux devices. (CVE-2019-10638)
    
    Amit Klein and Benny Pinkas discovered that the location of kernel
    addresses could exposed by the implementation of connection-less
    network protocols in the Linux kernel. A remote attacker could
    possibly use this to assist in the exploitation of another
    vulnerability in the Linux kernel. (CVE-2019-10639)
    
    Adam Zabrocki discovered that the Intel i915 kernel mode graphics
    driver in the Linux kernel did not properly restrict mmap() ranges in
    some situations. A local attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2019-11085)
    
    It was discovered that an integer overflow existed in the Linux kernel
    when reference counting pages, leading to potential use-after-free
    issues. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-11487)
    
    Jann Horn discovered that a race condition existed in the Linux kernel
    when performing core dumps. A local attacker could use this to cause a
    denial of service (system crash) or expose sensitive information.
    (CVE-2019-11599)
    
    It was discovered that a NULL pointer dereference vulnerability
    existed in the LSI Logic MegaRAID driver in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-11810)
    
    It was discovered that a race condition leading to a use-after-free
    existed in the Reliable Datagram Sockets (RDS) protocol implementation
    in the Linux kernel. The RDS protocol is blacklisted by default in
    Ubuntu. If enabled, a local attacker could use this to cause a denial
    of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-11815)
    
    It was discovered that the ext4 file system implementation in the
    Linux kernel did not properly zero out memory in some situations. A
    local attacker could use this to expose sensitive information (kernel
    memory). (CVE-2019-11833)
    
    It was discovered that the Bluetooth Human Interface Device Protocol
    (HIDP) implementation in the Linux kernel did not properly verify
    strings were NULL terminated in certain situations. A local attacker
    could use this to expose sensitive information (kernel memory).
    (CVE-2019-11884)
    
    It was discovered that a NULL pointer dereference vulnerabilty existed
    in the Near-field communication (NFC) implementation in the Linux
    kernel. An attacker could use this to cause a denial of service
    (system crash). (CVE-2019-12818)
    
    It was discovered that the MDIO bus devices subsystem in the Linux
    kernel improperly dropped a device reference in an error condition,
    leading to a use-after-free. An attacker could use this to cause a
    denial of service (system crash). (CVE-2019-12819)
    
    It was discovered that a NULL pointer dereference vulnerability
    existed in the Near-field communication (NFC) implementation in the
    Linux kernel. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2019-12984)
    
    Jann Horn discovered a use-after-free vulnerability in the Linux
    kernel when accessing LDT entries in some situations. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2019-13233)
    
    Jann Horn discovered that the ptrace implementation in the Linux
    kernel did not properly record credentials in some situations. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly gain administrative privileges. (CVE-2019-13272)
    
    It was discovered that the GTCO tablet input driver in the Linux
    kernel did not properly bounds check the initial HID report sent by
    the device. A physically proximate attacker could use to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-13631)
    
    It was discovered that the floppy driver in the Linux kernel did not
    properly validate meta data, leading to a buffer overread. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-14283)
    
    It was discovered that the floppy driver in the Linux kernel did not
    properly validate ioctl() calls, leading to a division-by-zero. A
    local attacker could use this to cause a denial of service (system
    crash). (CVE-2019-14284)
    
    Tuba Yavuz discovered that a race condition existed in the DesignWare
    USB3 DRD Controller device driver in the Linux kernel. A physically
    proximate attacker could use this to cause a denial of service.
    (CVE-2019-14763)
    
    It was discovered that an out-of-bounds read existed in the QLogic
    QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
    could possibly use this to expose sensitive information (kernel
    memory). (CVE-2019-15090)
    
    It was discovered that the Raremono AM/FM/SW radio device driver in
    the Linux kernel did not properly allocate memory, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service or possibly execute arbitrary code.
    (CVE-2019-15211)
    
    It was discovered at a double-free error existed in the USB Rio 500
    device driver for the Linux kernel. A physically proximate attacker
    could use this to cause a denial of service. (CVE-2019-15212)
    
    It was discovered that a race condition existed in the Advanced Linux
    Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a
    potential use-after-free. A physically proximate attacker could use
    this to cause a denial of service (system crash) pro possibly execute
    arbitrary code. (CVE-2019-15214)
    
    It was discovered that a race condition existed in the CPiA2
    video4linux device driver for the Linux kernel, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15215)
    
    It was discovered that a race condition existed in the Softmac USB
    Prism54 device driver in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-15220)
    
    It was discovered that a use-after-free vulnerability existed in the
    Appletalk implementation in the Linux kernel if an error occurs during
    initialization. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2019-15292)
    
    It was discovered that the Empia EM28xx DVB USB device driver
    implementation in the Linux kernel contained a use-after-free
    vulnerability when disconnecting the device. An attacker could use
    this to cause a denial of service (system crash). (CVE-2019-2024)
    
    It was discovered that the USB video device class implementation in
    the Linux kernel did not properly validate control bits, resulting in
    an out of bounds buffer read. A local attacker could use this to
    possibly expose sensitive information (kernel memory). (CVE-2019-2101)
    
    It was discovered that the Marvell Wireless LAN device driver in the
    Linux kernel did not properly validate the BSS descriptor. A local
    attacker could possibly use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2019-3846)
    
    Jason Wang discovered that an infinite loop vulnerability existed in
    the virtio net driver in the Linux kernel. A local attacker in a guest
    VM could possibly use this to cause a denial of service in the host
    system. (CVE-2019-3900)
    
    Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
    discovered that the Bluetooth protocol BR/EDR specification did not
    properly require sufficiently strong encryption key lengths. A
    physicall proximate attacker could use this to expose sensitive
    information. (CVE-2019-9506)
    
    It was discovered that the Appletalk IP encapsulation driver in the
    Linux kernel did not properly prevent kernel addresses from being
    copied to user space. A local attacker with the CAP_NET_ADMIN
    capability could use this to expose sensitive information.
    (CVE-2018-20511)
    
    It was discovered that a race condition existed in the USB YUREX
    device driver in the Linux kernel. A physically proximate attacker
    could use this to cause a denial of service (system crash).
    (CVE-2019-15216)
    
    It was discovered that the Siano USB MDTV receiver device driver in
    the Linux kernel made improper assumptions about the device
    characteristics. A physically proximate attacker could use this cause
    a denial of service (system crash). (CVE-2019-15218)
    
    It was discovered that the Line 6 POD USB device driver in the Linux
    kernel did not properly validate data size information from the
    device. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2019-15221)
    
    Muyu Yu discovered that the CAN implementation in the Linux kernel in
    some situations did not properly restrict the field size when
    processing outgoing frames. A local attacker with CAP_NET_ADMIN
    privileges could use this to execute arbitrary code. (CVE-2019-3701)
    
    Vladis Dronov discovered that the debug interface for the Linux
    kernel's HID subsystem did not properly validate passed parameters in
    some situations. A local privileged attacker could use this to cause a
    denial of service (infinite loop). (CVE-2019-3819).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4118-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.15-aws, linux-image-aws and / or
    linux-image-aws-hwe packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4118-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1047.47")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1047.46")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-030-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-01-31
    plugin id121505
    published2019-01-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121505
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2019-030-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121505);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id("CVE-2017-18241", "CVE-2017-18249", "CVE-2018-10880", "CVE-2018-1120", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14616", "CVE-2018-14633", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-17972", "CVE-2018-18021", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-5848", "CVE-2018-7755", "CVE-2019-3701");
      script_xref(name:"SSA", value:"2019-030-01");
    
      script_name(english:"Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New kernel packages are available for Slackware 14.2 to fix security
    issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.842527
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0db5ea06"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14633");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-huge");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.2", pkgname:"kernel-firmware", pkgver:"20190118_a8b75ca", pkgarch:"noarch", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-generic", pkgver:"4.4.172", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-generic-smp", pkgver:"4.4.172_smp", pkgarch:"i686", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-headers", pkgver:"4.4.172_smp", pkgarch:"x86", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-huge", pkgver:"4.4.172", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-huge-smp", pkgver:"4.4.172_smp", pkgarch:"i686", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-modules", pkgver:"4.4.172", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-modules-smp", pkgver:"4.4.172_smp", pkgarch:"i686", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", pkgname:"kernel-source", pkgver:"4.4.172_smp", pkgarch:"noarch", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-firmware", pkgver:"20190118_a8b75ca", pkgarch:"noarch", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-generic", pkgver:"4.4.172", pkgarch:"x86_64", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-headers", pkgver:"4.4.172", pkgarch:"x86", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-huge", pkgver:"4.4.172", pkgarch:"x86_64", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-modules", pkgver:"4.4.172", pkgarch:"x86_64", pkgnum:"1")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"kernel-source", pkgver:"4.4.172", pkgarch:"noarch", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4094-1.NASL
    descriptionIt was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127889
    published2019-08-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127889
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, (USN-4094-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4094-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127889);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-10126", "CVE-2019-1125", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3846");
      script_xref(name:"USN", value:"4094-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, (USN-4094-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the alarmtimer implementation in the Linux
    kernel contained an integer overflow vulnerability. A local attacker
    could use this to cause a denial of service. (CVE-2018-13053)
    
    Wen Xu discovered that the XFS filesystem implementation in the Linux
    kernel did not properly track inode validations. An attacker could use
    this to construct a malicious XFS image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13093)
    
    Wen Xu discovered that the f2fs file system implementation in the
    Linux kernel did not properly validate metadata. An attacker could use
    this to construct a malicious f2fs image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13097,
    CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616,
    CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)
    
    Wen Xu and Po-Ning Tseng discovered that btrfs file system
    implementation in the Linux kernel did not properly validate metadata.
    An attacker could use this to construct a malicious btrfs image that,
    when mounted, could cause a denial of service (system crash).
    (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,
    CVE-2018-14609)
    
    Wen Xu discovered that the HFS+ filesystem implementation in the Linux
    kernel did not properly handle malformed catalog data in some
    situations. An attacker could use this to construct a malicious HFS+
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-14617)
    
    Vasily Averin and Pavel Tikhomirov discovered that the cleancache
    subsystem of the Linux kernel did not properly initialize new files in
    some situations. A local attacker could use this to expose sensitive
    information. (CVE-2018-16862)
    
    Hui Peng and Mathias Payer discovered that the USB subsystem in the
    Linux kernel did not properly handle size checks when handling an
    extra USB descriptor. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2018-20169)
    
    It was discovered that a use-after-free error existed in the block
    layer subsystem of the Linux kernel when certain failure conditions
    occurred. A local attacker could possibly use this to cause a denial
    of service (system crash) or possibly execute arbitrary code.
    (CVE-2018-20856)
    
    Eli Biham and Lior Neumann discovered that the Bluetooth
    implementation in the Linux kernel did not properly validate elliptic
    curve parameters during Diffie-Hellman key exchange in some
    situations. An attacker could use this to expose sensitive
    information. (CVE-2018-5383)
    
    It was discovered that a heap buffer overflow existed in the Marvell
    Wireless LAN device driver for the Linux kernel. An attacker could use
    this to cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2019-10126)
    
    Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors
    incorrectly handle SWAPGS instructions during speculative execution. A
    local attacker could use this to expose sensitive information (kernel
    memory). (CVE-2019-1125)
    
    It was discovered that the PowerPC dlpar implementation in the Linux
    kernel did not properly check for allocation errors in some
    situations. A local attacker could possibly use this to cause a denial
    of service (system crash). (CVE-2019-12614)
    
    It was discovered that a NULL pointer dereference vulnerabilty existed
    in the Near-field communication (NFC) implementation in the Linux
    kernel. An attacker could use this to cause a denial of service
    (system crash). (CVE-2019-12818)
    
    It was discovered that the MDIO bus devices subsystem in the Linux
    kernel improperly dropped a device reference in an error condition,
    leading to a use-after-free. An attacker could use this to cause a
    denial of service (system crash). (CVE-2019-12819)
    
    It was discovered that a NULL pointer dereference vulnerability
    existed in the Near-field communication (NFC) implementation in the
    Linux kernel. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2019-12984)
    
    Jann Horn discovered a use-after-free vulnerability in the Linux
    kernel when accessing LDT entries in some situations. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2019-13233)
    
    Jann Horn discovered that the ptrace implementation in the Linux
    kernel did not properly record credentials in some situations. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly gain administrative privileges. (CVE-2019-13272)
    
    It was discovered that the Empia EM28xx DVB USB device driver
    implementation in the Linux kernel contained a use-after-free
    vulnerability when disconnecting the device. An attacker could use
    this to cause a denial of service (system crash). (CVE-2019-2024)
    
    It was discovered that the USB video device class implementation in
    the Linux kernel did not properly validate control bits, resulting in
    an out of bounds buffer read. A local attacker could use this to
    possibly expose sensitive information (kernel memory). (CVE-2019-2101)
    
    It was discovered that the Marvell Wireless LAN device driver in the
    Linux kernel did not properly validate the BSS descriptor. A local
    attacker could possibly use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2019-3846)
    
    It was discovered that the Appletalk IP encapsulation driver in the
    Linux kernel did not properly prevent kernel addresses from being
    copied to user space. A local attacker with the CAP_NET_ADMIN
    capability could use this to expose sensitive information.
    (CVE-2018-20511).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4094-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-10126", "CVE-2019-1125", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3846");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4094-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1021-oracle", pkgver:"4.15.0-1021.23~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1040-gcp", pkgver:"4.15.0-1040.42~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1055-azure", pkgver:"4.15.0-1055.60")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-58-generic", pkgver:"4.15.0-58.64~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-58-generic-lpae", pkgver:"4.15.0-58.64~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-58-lowlatency", pkgver:"4.15.0-58.64~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-azure", pkgver:"4.15.0.1055.58")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1040.54")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.15.0.58.79")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.15.0.58.79")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1040.54")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.15.0.58.79")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.15.0.58.79")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oracle", pkgver:"4.15.0.1021.15")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual-hwe-16.04", pkgver:"4.15.0.58.79")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1021-oracle", pkgver:"4.15.0-1021.23")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1040-gcp", pkgver:"4.15.0-1040.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1040-gke", pkgver:"4.15.0-1040.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1042-kvm", pkgver:"4.15.0-1042.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1043-raspi2", pkgver:"4.15.0-1043.46")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1050-oem", pkgver:"4.15.0-1050.57")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1060-snapdragon", pkgver:"4.15.0-1060.66")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-58-generic", pkgver:"4.15.0-58.64")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-58-generic-lpae", pkgver:"4.15.0-58.64")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-58-lowlatency", pkgver:"4.15.0-58.64")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1040.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic", pkgver:"4.15.0.58.60")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae", pkgver:"4.15.0.58.60")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1040.43")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke-4.15", pkgver:"4.15.0.1040.43")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-kvm", pkgver:"4.15.0.1042.42")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency", pkgver:"4.15.0.58.60")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-oem", pkgver:"4.15.0.1050.54")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-oracle", pkgver:"4.15.0.1021.24")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-raspi2", pkgver:"4.15.0.1043.41")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon", pkgver:"4.15.0.1060.63")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual", pkgver:"4.15.0.58.60")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-azure / linux-image-4.15-gcp / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1715.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18249 A race condition was discovered in the disk space allocator of F2FS. A user with access to an F2FS volume could use this to cause a denial of service or other security impact. CVE-2018-1128, CVE-2018-1129 The cephx authentication protocol used by Ceph was susceptible to replay attacks, and calculated signatures incorrectly. These vulnerabilities in the server required changes to authentication that are incompatible with existing clients. The kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id122879
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122879
    titleDebian DLA-1715-1 : linux-4.9 security update (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1715-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122879);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id("CVE-2017-18249", "CVE-2018-1128", "CVE-2018-1129", "CVE-2018-12896", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13100", "CVE-2018-13406", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14616", "CVE-2018-15471", "CVE-2018-16862", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-3639", "CVE-2018-5391", "CVE-2018-5848", "CVE-2018-6554");
    
      script_name(english:"Debian DLA-1715-1 : linux-4.9 security update (Spectre)");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2017-18249
    
    A race condition was discovered in the disk space allocator of F2FS. A
    user with access to an F2FS volume could use this to cause a denial of
    service or other security impact.
    
    CVE-2018-1128, CVE-2018-1129
    
    The cephx authentication protocol used by Ceph was susceptible to
    replay attacks, and calculated signatures incorrectly. These
    vulnerabilities in the server required changes to authentication that
    are incompatible with existing clients. The kernel's client code has
    now been updated to be compatible with the fixed server.
    
    CVE-2018-3639 (SSB)
    
    Multiple researchers have discovered that Speculative Store Bypass
    (SSB), a feature implemented in many processors, could be used to read
    sensitive information from another context. In particular, code in a
    software sandbox may be able to read sensitive information from
    outside the sandbox. This issue is also known as Spectre variant 4.
    
    This update adds a further mitigation for this issue in the
    eBPF (Extended Berkeley Packet Filter) implementation.
    
    CVE-2018-5391 (FragmentSmack)
    
    Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled
    reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can
    take advantage of this flaw to trigger time and calculation expensive
    fragment reassembly algorithms by sending specially crafted packets,
    leading to remote denial of service.
    
    This was previously mitigated by reducing the default limits
    on memory usage for incomplete fragmented packets. This
    update replaces that mitigation with a more complete fix.
    
    CVE-2018-5848
    
    The wil6210 wifi driver did not properly validate lengths in scan and
    connection requests, leading to a possible buffer overflow. On systems
    using this driver, a local user with the CAP_NET_ADMIN capability
    could use this for denial of service (memory corruption or crash) or
    potentially for privilege escalation.
    
    CVE-2018-12896, CVE-2018-13053
    
    Team OWL337 reported possible integer overflows in the POSIX timer
    implementation. These might have some security impact.
    
    CVE-2018-13096, CVE-2018-13097, CVE-2018-13100, CVE-2018-14614,
    CVE-2018-14616
    
    Wen Xu from SSLab at Gatech reported that crafted F2FS volumes could
    trigger a crash (BUG, Oops, or division by zero) and/or out-of-bounds
    memory access. An attacker able to mount such a volume could use this
    to cause a denial of service or possibly for privilege escalation.
    
    CVE-2018-13406
    
    Dr Silvio Cesare of InfoSect reported a potential integer overflow in
    the uvesafb driver. A user with permission to access such a device
    might be able to use this for denial of service or privilege
    escalation.
    
    CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613
    
    Wen Xu from SSLab at Gatech reported that crafted Btrfs volumes could
    trigger a crash (Oops) and/or out-of-bounds memory access. An attacker
    able to mount such a volume could use this to cause a denial of
    service or possibly for privilege escalation.
    
    CVE-2018-15471 ((XSA-270)
    
    Felix Wilhelm of Google Project Zero discovered a flaw in the hash
    handling of the xen-netback Linux kernel module. A malicious or buggy
    frontend may cause the (usually privileged) backend to make out of
    bounds memory accesses, potentially resulting in privilege escalation,
    denial of service, or information leaks.
    
    https://xenbits.xen.org/xsa/advisory-270.html
    
    CVE-2018-16862
    
    Vasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team
    discovered that the cleancache memory management feature did not
    invalidate cached data for deleted files. On Xen guests using the tmem
    driver, local users could potentially read data from other users'
    deleted files if they were able to create new files on the same
    volume.
    
    CVE-2018-17972
    
    Jann Horn reported that the /proc/*/stack files in procfs leaked
    sensitive data from the kernel. These files are now only readable by
    users with the CAP_SYS_ADMIN capability (usually only root)
    
    CVE-2018-18281
    
    Jann Horn reported a race condition in the virtual memory manager that
    can result in a process briefly having access to memory after it is
    freed and reallocated. A local user could possibly exploit this for
    denial of service (memory corruption) or for privilege escalation.
    
    CVE-2018-18690
    
    Kanda Motohiro reported that XFS did not correctly handle some xattr
    (extended attribute) writes that require changing the disk format of
    the xattr. A user with access to an XFS volume could use this for
    denial of service.
    
    CVE-2018-18710
    
    It was discovered that the cdrom driver does not correctly validate
    the parameter to the CDROM_SELECT_DISC ioctl. A user with access to a
    cdrom device could use this to read sensitive information from the
    kernel or to cause a denial of service (crash).
    
    CVE-2018-19407
    
    Wei Wu reported a potential crash (Oops) in the KVM implementation for
    x86 processors. A user with access to /dev/kvm could use this for
    denial of service.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    4.9.144-3.1~deb8u1. This version also includes fixes for Debian bugs
    #890034, #896911, #907581, #915229, and #915231; and other fixes
    included in upstream stable updates.
    
    We recommend that you upgrade your linux-4.9 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/linux-4.9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://xenbits.xen.org/xsa/advisory-270.html"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-13406");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.144-3.1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.144-3.1~deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3821-1.NASL
    descriptionWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118971
    published2018-11-15
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118971
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3821-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3821-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118971);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2018-10880", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-17972", "CVE-2018-18021");
      script_xref(name:"USN", value:"3821-1");
    
      script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3821-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly ensure that xattr information remained in
    inode bodies. An attacker could use this to construct a malicious ext4
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-10880)
    
    It was discovered that the alarmtimer implementation in the Linux
    kernel contained an integer overflow vulnerability. A local attacker
    could use this to cause a denial of service. (CVE-2018-13053)
    
    Wen Xu discovered that the f2fs filesystem implementation in the Linux
    kernel did not properly validate metadata. An attacker could use this
    to construct a malicious f2fs image that, when mounted, could cause a
    denial of service (system crash). (CVE-2018-13096)
    
    Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem
    implementation in the Linux kernel did not properly handle relocations
    in some situations. An attacker could use this to construct a
    malicious btrfs image that, when mounted, could cause a denial of
    service (system crash). (CVE-2018-14609)
    
    Wen Xu discovered that the HFS+ filesystem implementation in the Linux
    kernel did not properly handle malformed catalog data in some
    situations. An attacker could use this to construct a malicious HFS+
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-14617)
    
    Jann Horn discovered that the procfs file system implementation in the
    Linux kernel did not properly restrict the ability to inspect the
    kernel stack of an arbitrary task. A local attacker could use this to
    expose sensitive information. (CVE-2018-17972)
    
    It was discovered that the KVM implementation in the Linux kernel on
    ARM 64bit processors did not properly handle some ioctls. An attacker
    with the privilege to create KVM-based virtual machines could use this
    to cause a denial of service (host system crash) or execute arbitrary
    code in the host. (CVE-2018-18021).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3821-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10880", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-17972", "CVE-2018-18021");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3821-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1037-kvm", pkgver:"4.4.0-1037.43")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1072-aws", pkgver:"4.4.0-1072.82")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1100-raspi2", pkgver:"4.4.0-1100.108")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1104-snapdragon", pkgver:"4.4.0-1104.109")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-139-generic", pkgver:"4.4.0-139.165")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-139-generic-lpae", pkgver:"4.4.0-139.165")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-139-lowlatency", pkgver:"4.4.0-139.165")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1072.74")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.139.145")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.139.145")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1037.36")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.139.145")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1100.100")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1104.96")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3821-2.NASL
    descriptionUSN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880) It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the f2fs filesystem implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096) Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem implementation in the Linux kernel did not properly handle relocations in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118972
    published2018-11-15
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118972
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3821-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3821-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118972);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2018-10880", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-17972", "CVE-2018-18021");
      script_xref(name:"USN", value:"3821-2");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3821-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
    14.04 LTS.
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly ensure that xattr information remained in
    inode bodies. An attacker could use this to construct a malicious ext4
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-10880)
    
    It was discovered that the alarmtimer implementation in the Linux
    kernel contained an integer overflow vulnerability. A local attacker
    could use this to cause a denial of service. (CVE-2018-13053)
    
    Wen Xu discovered that the f2fs filesystem implementation in the Linux
    kernel did not properly validate metadata. An attacker could use this
    to construct a malicious f2fs image that, when mounted, could cause a
    denial of service (system crash). (CVE-2018-13096)
    
    Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem
    implementation in the Linux kernel did not properly handle relocations
    in some situations. An attacker could use this to construct a
    malicious btrfs image that, when mounted, could cause a denial of
    service (system crash). (CVE-2018-14609)
    
    Wen Xu discovered that the HFS+ filesystem implementation in the Linux
    kernel did not properly handle malformed catalog data in some
    situations. An attacker could use this to construct a malicious HFS+
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-14617)
    
    Jann Horn discovered that the procfs file system implementation in the
    Linux kernel did not properly restrict the ability to inspect the
    kernel stack of an arbitrary task. A local attacker could use this to
    expose sensitive information. (CVE-2018-17972)
    
    It was discovered that the KVM implementation in the Linux kernel on
    ARM 64bit processors did not properly handle some ioctls. An attacker
    with the privilege to create KVM-based virtual machines could use this
    to cause a denial of service (host system crash) or execute arbitrary
    code in the host. (CVE-2018-18021).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3821-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10880", "CVE-2018-13053", "CVE-2018-13096", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-17972", "CVE-2018-18021");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3821-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-1034-aws", pkgver:"4.4.0-1034.37")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-139-generic", pkgver:"4.4.0-139.165~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-139-generic-lpae", pkgver:"4.4.0-139.165~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-139-lowlatency", pkgver:"4.4.0-139.165~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1034.34")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae-lts-xenial", pkgver:"4.4.0.139.119")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lts-xenial", pkgver:"4.4.0.139.119")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency-lts-xenial", pkgver:"4.4.0.139.119")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1519.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.(CVE-2013-4350i1/4%0 - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.(CVE-2017-7187i1/4%0 - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller
    last seen2020-03-19
    modified2019-05-14
    plugin id124972
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124972
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1519)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124972);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-4350",
        "CVE-2014-3182",
        "CVE-2014-8173",
        "CVE-2014-9895",
        "CVE-2015-1328",
        "CVE-2015-2042",
        "CVE-2015-4178",
        "CVE-2015-5157",
        "CVE-2016-0723",
        "CVE-2016-4998",
        "CVE-2016-7911",
        "CVE-2017-17712",
        "CVE-2017-2584",
        "CVE-2017-7187",
        "CVE-2017-8890",
        "CVE-2018-10021",
        "CVE-2018-10322",
        "CVE-2018-1091",
        "CVE-2018-13096",
        "CVE-2019-3701"
      );
      script_bugtraq_id(
        62405,
        69770,
        72730,
        73133,
        75206,
        76005
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1519)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The IPv6 SCTP implementation in net/sctp/ipv6.c in the
        Linux kernel through 3.11.1 uses data structures and
        function calls that do not trigger an intended
        configuration of IPsec encryption, which allows remote
        attackers to obtain sensitive information by sniffing
        the network.(CVE-2013-4350i1/4%0
    
      - The sg_ioctl function in drivers/scsi/sg.c in the Linux
        kernel allows local users to cause a denial of service
        (stack-based buffer overflow) or possibly have
        unspecified other impacts via a large command size in
        an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds
        write access in the sg_write function.(CVE-2017-7187i1/4%0
    
      - An issue was discovered in can_can_gw_rcv in
        net/can/gw.c in the Linux kernel through 4.19.13. The
        CAN frame modification rules allow bitwise logical
        operations that can be also applied to the can_dlc
        field. Because of a missing check, the CAN drivers may
        write arbitrary content beyond the data registers in
        the CAN controller's I/O memory when processing can-gw
        manipulated outgoing frames. This is related to
        cgw_csum_xor_rel. An unprivileged user can trigger a
        system crash (general protection
        fault).(CVE-2019-3701i1/4%0
    
      - net/rds/sysctl.c in the Linux kernel before 3.19 uses
        an incorrect data type in a sysctl table, which allows
        local users to obtain potentially sensitive information
        from kernel memory or possibly have unspecified other
        impact by accessing a sysctl entry.(CVE-2015-2042i1/4%0
    
      - The inet_csk_clone_lock function in
        net/ipv4/inet_connection_sock.c in the Linux kernel
        allows attackers to cause a denial of service (double
        free) or possibly have unspecified other impact by
        leveraging use of the accept system call. An
        unprivileged local user could use this flaw to induce
        kernel memory corruption on the system, leading to a
        crash. Due to the nature of the flaw, privilege
        escalation cannot be fully ruled out, although we
        believe it is unlikely.(CVE-2017-8890i1/4%0
    
      - The overlayfs implementation in the linux (aka Linux
        kernel) package before 3.19.0-21.21 in Ubuntu through
        15.04 does not properly check permissions for file
        creation in the upper filesystem directory, which
        allows local users to obtain root access by leveraging
        a configuration in which overlayfs is permitted in an
        arbitrary mount namespace.(CVE-2015-1328i1/4%0
    
      - The xfs_dinode_verify function in
        fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel
        through 4.16.3 allows local users to cause a denial of
        service (xfs_ilock_attr_map_shared invalid pointer
        dereference) via a crafted xfs image.(CVE-2018-10322i1/4%0
    
      - In the flush_tmregs_to_thread function in
        arch/powerpc/kernel/ptrace.c in the Linux kernel before
        4.13.5, a guest kernel crash can be triggered from
        unprivileged userspace during a core dump on a POWER
        host due to a missing processor feature check and an
        erroneous use of transactional memory (TM) instructions
        in the core dump path, leading to a denial of
        service.(CVE-2018-1091i1/4%0
    
      - ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in
        the Linux kernel before 4.16 allows local users to
        cause a denial of service (ata qc leak) by triggering
        certain failure conditions. NOTE: a third party
        disputes the relevance of this report because the
        failure can only occur for physically proximate
        attackers who unplug SAS Host Bus Adapter
        cables.(CVE-2018-10021i1/4%0
    
      - A use-after-free flaw was discovered in the Linux
        kernel's tty subsystem, which allows for the disclosure
        of uncontrolled memory location and possible kernel
        panic. The information leak is caused by a race
        condition when attempting to set and read the tty line
        discipline. A local attacker could use the TIOCSETD
        (via tty_set_ldisc ) to switch to a new line discipline
        a concurrent call to a TIOCGETD ioctl performing a read
        on a given tty could then access previously allocated
        memory. Up to 4 bytes could be leaked when querying the
        line discipline or the kernel could panic with a
        NULL-pointer dereference.(CVE-2016-0723i1/4%0
    
      - An out-of-bounds read flaw was found in the way the
        Logitech Unifying receiver driver handled HID reports
        with an invalid device_index value. An attacker with
        physical access to the system could use this flaw to
        crash the system or, potentially, escalate their
        privileges on the system.(CVE-2014-3182i1/4%0
    
      - arch/x86/kvm/emulate.c in the Linux kernel through
        4.9.3 allows local users to obtain sensitive
        information from kernel memory or cause a denial of
        service (use-after-free) via a crafted application that
        leverages instruction emulation for fxrstor, fxsave,
        sgdt, and sidt.(CVE-2017-2584i1/4%0
    
      - A flaw was found in the way the Linux kernel handled
        IRET faults during the processing of NMIs. An
        unprivileged, local user could use this flaw to crash
        the system or, potentially (although highly unlikely),
        escalate their privileges on the
        system.(CVE-2015-5157i1/4%0
    
      - drivers/media/media-device.c in the Linux kernel before
        3.11, as used in Android before 2016-08-05 on Nexus 5
        and 7 (2013) devices, does not properly initialize
        certain data structures, which allows local users to
        obtain sensitive information via a crafted application,
        aka Android internal bug 28750150 and Qualcomm internal
        bug CR570757, a different vulnerability than
        CVE-2014-1739.(CVE-2014-9895i1/4%0
    
      - A use-after-free vulnerability in sys_ioprio_get() was
        found due to get_task_ioprio() accessing the
        task-i1/4zio_context without holding the task lock and
        could potentially race with exit_io_context(), leading
        to a use-after-free.(CVE-2016-7911i1/4%0
    
      - A flaw was found in the Linux kernel which is related
        to the user namespace lazily unmounting file systems.
        The fs_pin struct has two members (m_list and s_list)
        which are usually initialized on use in the
        pin_insert_group function. However, these members might
        go unmodified in this case, the system panics when it
        attempts to destroy or free them. This flaw could be
        used to launch a denial-of-service
        attack.(CVE-2015-4178i1/4%0
    
      - A flaw was found in the Linux kernel's implementation
        of raw_sendmsg allowing a local attacker to panic the
        kernel or possibly leak kernel addresses. A local
        attacker, with the privilege of creating raw sockets,
        can abuse a possible race condition when setting the
        socket option to allow the kernel to automatically
        create ip header values and thus potentially escalate
        their privileges.(CVE-2017-17712i1/4%0
    
      - A flaw was discovered in the F2FS filesystem code in
        fs/f2fs/super.c in the Linux kernel. A denial of
        service, due to an out-of-bounds memory access, can
        occur upon encountering an abnormal bitmap size when
        mounting a crafted f2fs image.(CVE-2018-13096i1/4%0
    
      - A NULL pointer dereference flaw was found in the way
        the Linux kernel's madvise MADV_WILLNEED functionality
        handled page table locking. A local, unprivileged user
        could use this flaw to crash the
        system.(CVE-2014-8173i1/4%0
    
      - An out-of-bounds heap memory access leading to a Denial
        of Service, heap disclosure, or further impact was
        found in setsockopt(). The function call is normally
        restricted to root, however some processes with
        cap_sys_admin may also be able to trigger this flaw in
        privileged container environments.(CVE-2016-4998i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1519
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd726d31");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1184.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-13096: A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image (bnc#1100062). - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG) (bnc#1100061). - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode (bnc#1100060). - CVE-2018-13099: A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr (bnc#1100059). - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error (bnc#1100056). - CVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896). - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870). - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-06-05
    modified2018-10-18
    plugin id118194
    published2018-10-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118194
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-1184)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1184.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118194);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14613", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-16276", "CVE-2018-16597", "CVE-2018-17182", "CVE-2018-7480", "CVE-2018-7757");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1184)");
      script_summary(english:"Check for the openSUSE-2018-1184 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive
    various security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2018-13096: A denial of service (out-of-bounds
        memory access and BUG) can occur upon encountering an
        abnormal bitmap size when mounting a crafted f2fs image
        (bnc#1100062).
    
      - CVE-2018-13097: There is an out-of-bounds read or a
        divide-by-zero error for an incorrect user_block_count
        in a corrupted f2fs image, leading to a denial of
        service (BUG) (bnc#1100061).
    
      - CVE-2018-13098: A denial of service (slab out-of-bounds
        read and BUG) can occur for a modified f2fs filesystem
        image in which FI_EXTRA_ATTR is set in an inode
        (bnc#1100060).
    
      - CVE-2018-13099: A denial of service (out-of-bounds
        memory access and BUG) can occur for a modified f2fs
        filesystem image in which an inline inode contains an
        invalid reserved blkaddr (bnc#1100059).
    
      - CVE-2018-13100: An issue was discovered in
        fs/f2fs/super.c which did not properly validate
        secs_per_zone in a corrupted f2fs image, as demonstrated
        by a divide-by-zero error (bnc#1100056).
    
      - CVE-2018-14613: There is an invalid pointer dereference
        in io_ctl_map_page() when mounting and operating a
        crafted btrfs image, because of a lack of block group
        item validation in check_leaf_item in
        fs/btrfs/tree-checker.c (bnc#1102896).
    
      - CVE-2018-14617: There is a NULL pointer dereference and
        panic in hfsplus_lookup() in fs/hfsplus/dir.c when
        opening a file (that is purportedly a hard link) in an
        hfs+ filesystem that has malformed catalog data, and is
        mounted read-only without a metadata directory
        (bnc#1102870).
    
      - CVE-2018-14633: A security flaw was found in the
        chap_server_compute_md5() function in the ISCSI target
        code in the Linux kernel in a way an authentication
        request from an ISCSI initiator is processed. An
        unauthenticated remote attacker can cause a stack-based
        buffer overflow and smash up to 17 bytes of the stack.
        The attack requires the iSCSI target to be enabled on
        the victim host. Depending on how the target's code was
        built (i.e. depending on a compiler, compile flags and
        hardware architecture) an attack may lead to a system
        crash and thus to a denial-of-service or possibly to a
        non-authorized access to data exported by an iSCSI
        target. Due to the nature of the flaw, privilege
        escalation cannot be fully ruled out, although we
        believe it is highly unlikely. Kernel versions 4.18.x,
        4.14.x and 3.10.x are believed to be vulnerable
        (bnc#1107829).
    
      - CVE-2018-16276: Local attackers could use user access
        read/writes with incorrect bounds checking in the yurex
        USB driver to crash the kernel or potentially escalate
        privileges (bnc#1106095).
    
      - CVE-2018-16597: Incorrect access checking in overlayfs
        mounts could be used by local attackers to modify or
        truncate files in the underlying filesystem
        (bnc#1106512).
    
      - CVE-2018-17182: The vmacache_flush_all function in
        mm/vmacache.c mishandled sequence number overflows. An
        attacker can trigger a use-after-free (and possibly gain
        privileges) via certain thread creation, map, unmap,
        invalidation, and dereference operations (bnc#1108399).
    
      - CVE-2018-7480: The blkcg_init_queue function in
        block/blk-cgroup.c allowed local users to cause a denial
        of service (double free) or possibly have unspecified
        other impact by triggering a creation failure
        (bnc#1082863).
    
      - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events
        function in drivers/scsi/libsas/sas_expander.c allowed
        local users to cause a denial of service (memory
        consumption) via many read accesses to files in the
        /sys/class/sas_phy directory, as demonstrated by the
        /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file
        (bnc#1084536).
    
    The following non-security bugs were fixed :
    
      - alsa: bebob: use address returned by kmalloc() instead
        of kernel stack for streaming DMA mapping (bnc#1012382).
    
      - alsa: emu10k1: fix possible info leak to userspace on
        SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).
    
      - alsa: hda - Fix cancel_work_sync() stall from jackpoll
        work (bnc#1012382).
    
      - alsa: msnd: Fix the default sample sizes (bnc#1012382).
    
      - alsa: pcm: Fix snd_interval_refine first/last with open
        min/max (bnc#1012382).
    
      - alsa: usb-audio: Fix multiple definitions in
        AU0828_DEVICE() macro (bnc#1012382).
    
      - arc: [plat-axs*]: Enable SWAP (bnc#1012382).
    
      - arm64: bpf: jit JMP_JSET_(X,K) (bsc#1110613).
    
      - arm64: Correct type for PUD macros (bsc#1110600).
    
      - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger
        (bnc#1012382).
    
      - arm64: fix erroneous __raw_read_system_reg() cases
        (bsc#1110606).
    
      - arm64: Fix potential race with hardware DBM in
        ptep_set_access_flags() (bsc#1110605).
    
      - arm64: fpsimd: Avoid FPSIMD context leakage for the init
        task (bsc#1110603).
    
      - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612).
    
      - arm64: kasan: avoid pfn_to_nid() before page array is
        initialized (bsc#1110619).
    
      - arm64/kasan: do not allocate extra shadow memory
        (bsc#1110611).
    
      - arm64: kernel: Update kerneldoc for cpu_suspend() rename
        (bsc#1110602).
    
      - arm64: kgdb: handle read-only text / modules
        (bsc#1110604).
    
      - arm64/mm/kasan: do not use vmemmap_populate() to
        initialize shadow (bsc#1110618).
    
      - arm64: ptrace: Avoid setting compat FP[SC]R to garbage
        if get_user fails (bsc#1110601).
    
      - arm64: supported.conf: mark armmmci as not supported
    
      - arm64 Update config files. (bsc#1110468) Set
        MMC_QCOM_DML to build-in and delete driver from
        supported.conf
    
      - arm64: vdso: fix clock_getres for 4GiB-aligned res
        (bsc#1110614).
    
      - arm: exynos: Clear global variable on init error path
        (bnc#1012382).
    
      - arm: hisi: check of_iomap and fix missing of_node_put
        (bnc#1012382).
    
      - arm: hisi: fix error handling and missing of_node_put
        (bnc#1012382).
    
      - arm: hisi: handle of_iomap and fix missing of_node_put
        (bnc#1012382).
    
      - asm/sections: add helpers to check for section data
        (bsc#1063026).
    
      - asoc: cs4265: fix MMTLR Data switch control
        (bnc#1012382).
    
      - asoc: wm8994: Fix missing break in switch (bnc#1012382).
    
      - ata: libahci: Correct setting of DEVSLP register
        (bnc#1012382).
    
      - ath10k: disable bundle mgmt tx completion event support
        (bnc#1012382).
    
      - ath10k: prevent active scans on potential unusable
        channels (bnc#1012382).
    
      - audit: fix use-after-free in audit_add_watch
        (bnc#1012382).
    
      - autofs: fix autofs_sbi() does not check super block type
        (bnc#1012382).
    
      - binfmt_elf: Respect error return from `regset->active'
        (bnc#1012382).
    
      - block: bvec_nr_vecs() returns value for wrong slab
        (bsc#1082979).
    
      - Bluetooth: h5: Fix missing dependency on
        BT_HCIUART_SERDEV (bnc#1012382).
    
      - Bluetooth: hidp: Fix handling of strncpy for hid->name
        information (bnc#1012382).
    
      - bpf: fix overflow in prog accounting (bsc#1012382).
    
      - btrfs: Add checker for EXTENT_CSUM (bsc#1102882,
        bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).
    
      - btrfs: Add sanity check for EXTENT_DATA when reading out
        leaf (bsc#1102882, bsc#1102896, bsc#1102879,
        bsc#1102877, bsc#1102875,).
    
      - btrfs: Check if item pointer overlaps with the item
        itself (bsc#1102882, bsc#1102896, bsc#1102879,
        bsc#1102877, bsc#1102875,).
    
      - btrfs: Check that each block group has corresponding
        chunk at mount time (bsc#1102882, bsc#1102896,
        bsc#1102879, bsc#1102877, bsc#1102875,).
    
      - btrfs: Introduce mount time chunk <-> dev extent mapping
        check (bsc#1102882, bsc#1102896, bsc#1102879,
        bsc#1102877, bsc#1102875,).
    
      - btrfs: Move leaf and node validation checker to
        tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879,
        bsc#1102877, bsc#1102875,).
    
      - btrfs: relocation: Only remove reloc rb_trees if reloc
        control has been initialized (bnc#1012382).
    
      - btrfs: replace: Reset on-disk dev stats value after
        replace (bnc#1012382).
    
      - btrfs: scrub: Do not use inode page cache in
        scrub_handle_errored_block() (bsc#1108096).
    
      - btrfs: tree-checker: Add checker for dir item
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Detect invalid and empty essential
        trees (bsc#1102882, bsc#1102896, bsc#1102879,
        bsc#1102877, bsc#1102875,).
    
      - btrfs: tree-checker: Enhance btrfs_check_node output
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Enhance output for btrfs_check_leaf
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Enhance output for check_csum_item
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Enhance output for
        check_extent_data_item (bsc#1102882, bsc#1102896,
        bsc#1102879, bsc#1102877, bsc#1102875,).
    
      - btrfs: tree-checker: Fix false panic for sanity test
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Replace root parameter with fs_info
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: use %zu format string for size_t
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: use %zu format string for size_t
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: tree-checker: Verify block_group_item
        (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
        bsc#1102875,).
    
      - btrfs: use correct compare function of
        dirty_metadata_bytes (bnc#1012382).
    
      - btrfs: Verify that every chunk has corresponding block
        group at mount time (bsc#1102882, bsc#1102896,
        bsc#1102879, bsc#1102877, bsc#1102875,).
    
      - cfq: Give a chance for arming slice idle timer in case
        of group_idle (bnc#1012382).
    
      - cifs: check if SMB2 PDU size has been padded and
        suppress the warning (bnc#1012382).
    
      - cifs: fix wrapping bugs in num_entries() (bnc#1012382).
    
      - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382).
    
      - cifs: prevent integer overflow in nxt_dir_entry()
        (bnc#1012382).
    
      - clk: imx6ul: fix missing of_node_put() (bnc#1012382).
    
      - coresight: Handle errors in finding input/output ports
        (bnc#1012382).
    
      - coresight: tpiu: Fix disabling timeouts (bnc#1012382).
    
      - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343).
    
      - crypto: clarify licensing of OpenSSL asm code ().
    
      - crypto: sharah - Unregister correct algorithms for
        SAHARA 3 (bnc#1012382).
    
      - crypto: vmx - Remove overly verbose printk from AES XTS
        init (git-fixes).
    
      - debugobjects: Make stack check warning more informative
        (bnc#1012382).
    
      - Define early_radix_enabled() (bsc#1094244).
    
      - Delete
        patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-con
        structor.patch (bnc#1110297) we still have a code which
        uses both __GFP_ZERO and constructors. The code seems to
        be correct and the warning does more harm than good so
        revert for the the meantime until we catch offenders.
    
      - dmaengine: pl330: fix irq race with terminate_all
        (bnc#1012382).
    
      - dm kcopyd: avoid softlockup in run_complete_job
        (bnc#1012382).
    
      - dm-mpath: do not try to access NULL rq (bsc#1110337).
    
      - dm-mpath: finally fixup cmd_flags (bsc#1110930).
    
      - drivers: net: cpsw: fix parsing of phy-handle DT
        property in dual_emac config (bnc#1012382).
    
      - drivers: net: cpsw: fix segfault in case of bad
        phy-handle (bnc#1012382).
    
      - drm/amdkfd: Fix error codes in kfd_get_process
        (bnc#1012382).
    
      - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume()
        in connector_detect() (bnc#1012382).
    
      - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
        (bnc#1012382).
    
      - EDAC: Fix memleak in module init error path
        (bsc#1109441).
    
      - EDAC, i7core: Fix memleaks and use-after-free on probe
        and remove (1109441).
    
      - ethernet: ti: davinci_emac: add missing of_node_put
        after calling of_parse_phandle (bnc#1012382).
    
      - ethtool: Remove trailing semicolon for static inline
        (bnc#1012382).
    
      - ext4: avoid divide by zero fault when deleting corrupted
        inline directories (bnc#1012382).
    
      - ext4: do not mark mmp buffer head dirty (bnc#1012382).
    
      - ext4: fix online resize's handling of a too-small final
        block group (bnc#1012382).
    
      - ext4: fix online resizing for bigalloc file systems with
        a 1k block size (bnc#1012382).
    
      - ext4: recalucate superblock checksum after updating free
        blocks/inodes (bnc#1012382).
    
      - f2fs: do not set free of current section (bnc#1012382).
    
      - f2fs: fix to do sanity check with
        (sit,nat)_ver_bitmap_bytesize (bnc#1012382).
    
      - fat: validate ->i_start before using (bnc#1012382).
    
      - fbdev: Distinguish between interlaced and progressive
        modes (bnc#1012382).
    
      - fbdev/via: fix defined but not used warning
        (bnc#1012382).
    
      - Follow-up fix for
        patches.arch/01-jump_label-reduce-the-size-of-struct-sta
        tic_key-kabi.patch. (bsc#1108803)
    
      - fork: do not copy inconsistent signal handler state to
        child (bnc#1012382).
    
      - fs/dcache.c: fix kmemcheck splat at
        take_dentry_name_snapshot() (bnc#1012382).
    
      - fs/eventpoll: loosen irq-safety when possible
        (bsc#1096052).
    
      - genirq: Delay incrementing interrupt count if it's
        disabled/pending (bnc#1012382).
    
      - gfs2: Special-case rindex for gfs2_grow (bnc#1012382).
    
      - gpiolib: Mark gpio_suffixes array with __maybe_unused
        (bnc#1012382).
    
      - gpio: ml-ioh: Fix buffer underwrite on probe error path
        (bnc#1012382).
    
      - gpio: tegra: Move driver registration to subsys_init
        level (bnc#1012382).
    
      - gso_segment: Reset skb->mac_len after modifying network
        header (bnc#1012382).
    
      - hfsplus: do not return 0 when fill_super() failed
        (bnc#1012382).
    
      - hfs: prevent crash on exit from failed search
        (bnc#1012382).
    
      - HID: sony: Support DS4 dongle (bnc#1012382).
    
      - HID: sony: Update device ids (bnc#1012382).
    
      - i2c: i801: fix DNV's SMBCTRL register offset
        (bnc#1012382).
    
      - i2c: xiic: Make the start and the byte count write
        atomic (bnc#1012382).
    
      - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308).
    
      - i2c: xlp9xx: Fix case where SSIF read transaction
        completes early (bsc#1103308).
    
      - i2c: xlp9xx: Fix issue seen when updating receive length
        (bsc#1103308).
    
      - i2c: xlp9xx: Make sure the transfer size is not more
        than I2C_SMBUS_BLOCK_SIZE (bsc#1103308).
    
      - ib/ipoib: Avoid a race condition between start_xmit and
        cm_rep_handler (bnc#1012382).
    
      - ib_srp: Remove WARN_ON in srp_terminate_io()
        (bsc#1094562).
    
      - input: atmel_mxt_ts - only use first T9 instance
        (bnc#1012382).
    
      - iommu/amd: Return devid as alias for ACPI HID devices
        (bsc#1106105).
    
      - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer
        register (bnc#1012382).
    
      - iommu/ipmmu-vmsa: Fix allocation in atomic context
        (bnc#1012382).
    
      - ipmi:ssif: Add support for multi-part transmit messages
        > 2 parts (bsc#1103308).
    
      - ipv6: fix possible use-after-free in ip6_xmit()
        (bnc#1012382).
    
      - ipvs: fix race between ip_vs_conn_new() and
        ip_vs_del_dest() (bnc#1012382).
    
      - irqchip/bcm7038-l1: Hide cpu offline callback when
        building for !SMP (bnc#1012382).
    
      - irqchip/gic-v3: Add missing barrier to 32bit version of
        gic_read_iar() (bnc#1012382).
    
      - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382).
    
      - KABI: move the new handler to end of machdep_calls and
        hide it from genksyms (bsc#1094244).
    
      - kabi protect hnae_ae_ops (bsc#1107924).
    
      - kbuild: add .DELETE_ON_ERROR special target
        (bnc#1012382).
    
      - kbuild: make missing $DEPMOD a Warning instead of an
        Error (bnc#1012382).
    
      - kernel/params.c: downgrade warning for unsafe parameters
        (bsc#1050549).
    
      - kprobes/x86: Release insn_slot in failure path
        (bsc#1110006).
    
      - kthread: fix boot hang (regression) on MIPS/OpenRISC
        (bnc#1012382).
    
      - kthread: Fix use-after-free if kthread fork fails
        (bnc#1012382).
    
      - kvm: nVMX: Do not expose MPX VMX controls when guest MPX
        disabled (bsc#1106240).
    
      - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID
        (bsc#1106240).
    
      - kvm: x86: Do not re-(try,execute) after failed emulation
        in L2 (bsc#1106240).
    
      - kvm: x86: Do not use kvm_x86_ops->mpx_supported()
        directly (bsc#1106240).
    
      - kvm: x86: fix APIC page invalidation (bsc#1106240).
    
      - kvm/x86: remove WARN_ON() for when vm_munmap() fails
        (bsc#1106240).
    
      - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with
        interrupts disabled (bsc#1106240).
    
      - l2tp: cast l2tp traffic counter to unsigned
        (bsc#1099810).
    
      - locking/osq_lock: Fix osq_lock queue corruption
        (bnc#1012382).
    
      - locking/rwsem-xadd: Fix missed wakeup due to reordering
        of load (bnc#1012382).
    
      - lpfc: fixup crash in lpfc_els_unsol_buffer()
        (bsc#1107318).
    
      - mac80211: restrict delayed tailroom needed decrement
        (bnc#1012382).
    
      - macintosh/via-pmu: Add missing mmio accessors
        (bnc#1012382).
    
      - md/raid1: exit sync request if MD_RECOVERY_INTR is set
        (git-fixes).
    
      - md/raid5: fix data corruption of replacements after
        originals dropped (bnc#1012382).
    
      - media: videobuf2-core: check for q->error in
        vb2_core_qbuf() (bnc#1012382).
    
      - mei: bus: type promotion bug in mei_nfc_if_version()
        (bnc#1012382).
    
      - mei: me: allow runtime pm for platform with D0i3
        (bnc#1012382).
    
      - mfd: sm501: Set coherent_dma_mask when creating
        subdevices (bnc#1012382).
    
      - mfd: ti_am335x_tscadc: Fix struct clk memory leak
        (bnc#1012382).
    
      - misc: hmc6352: fix potential Spectre v1 (bnc#1012382).
    
      - misc: mic: SCIF Fix scif_get_new_port() error handling
        (bnc#1012382).
    
      - misc: ti-st: Fix memory leak in the error path of
        probe() (bnc#1012382).
    
      - mmc: mmci: stop building qcom dml as module
        (bsc#1110468).
    
      - mm/fadvise.c: fix signed overflow UBSAN complaint
        (bnc#1012382).
    
      - mm: fix devmem_is_allowed() for sub-page System RAM
        intersections (bsc#1110006).
    
      - mm: get rid of vmacache_flush_all() entirely
        (bnc#1012382).
    
      - mm: shmem.c: Correctly annotate new inodes for lockdep
        (bnc#1012382).
    
      - mtdchar: fix overflows in adjustment of `count`
        (bnc#1012382).
    
      - mtd/maps: fix solutionengine.c printk format warnings
        (bnc#1012382).
    
      - neighbour: confirm neigh entries when ARP packet is
        received (bnc#1012382).
    
      - net/9p: fix error path of p9_virtio_probe (bnc#1012382).
    
      - net/appletalk: fix minor pointer leak to userspace in
        SIOCFINDIPDDPRT (bnc#1012382).
    
      - net: bcmgenet: use MAC link status for fixed phy
        (bnc#1012382).
    
      - net: dcb: For wild-card lookups, use priority -1, not 0
        (bnc#1012382).
    
      - net: ena: Eliminate duplicate barriers on weakly-ordered
        archs (bsc#1108240).
    
      - net: ena: fix device destruction to gracefully free
        resources (bsc#1108240).
    
      - net: ena: fix driver when PAGE_SIZE == 64kB
        (bsc#1108240).
    
      - net: ena: fix incorrect usage of memory barriers
        (bsc#1108240).
    
      - net: ena: fix missing calls to READ_ONCE (bsc#1108240).
    
      - net: ena: fix missing lock during device destruction
        (bsc#1108240).
    
      - net: ena: fix potential double ena_destroy_device()
        (bsc#1108240).
    
      - net: ena: fix surprise unplug NULL dereference kernel
        crash (bsc#1108240).
    
      - net: ethernet: mvneta: Fix napi structure mixup on
        armada 3700 (bsc#1110616).
    
      - net: ethernet: ti: cpsw: fix mdio device reference leak
        (bnc#1012382).
    
      - netfilter: x_tables: avoid stack-out-of-bounds read in
        xt_copy_counters_from_user (bnc#1012382).
    
      - net: hns: add netif_carrier_off before change speed and
        duplex (bsc#1107924).
    
      - net: hns: add the code for cleaning pkt in chip
        (bsc#1107924).
    
      - net: hp100: fix always-true check for link up state
        (bnc#1012382).
    
      - net: mvneta: fix mtu change on port without link
        (bnc#1012382).
    
      - net: mvneta: fix mvneta_config_rss on armada 3700
        (bsc#1110615).
    
      - nfc: Fix possible memory corruption when handling SHDLC
        I-Frame commands (bnc#1012382).
    
      - nfc: Fix the number of pipes (bnc#1012382).
    
      - nfs: Use an appropriate work queue for direct-write
        completion (bsc#1082519).
    
      - nfsv4.0 fix client reference leak in callback
        (bnc#1012382).
    
      - nvme_fc: add 'nvme_discovery' sysfs attribute to fc
        transport device (bsc#1044189).
    
      - nvmet: fixup crash on NULL device path (bsc#1082979).
    
      - ocfs2: fix ocfs2 read block panic (bnc#1012382).
    
      - ovl: modify ovl_permission() to do checks on two inodes
        (bsc#1106512)
    
      - ovl: proper cleanup of workdir (bnc#1012382).
    
      - ovl: rename is_merge to is_lowest (bnc#1012382).
    
      - parport: sunbpp: fix error return code (bnc#1012382).
    
      - partitions/aix: append null character to print data from
        disk (bnc#1012382).
    
      - partitions/aix: fix usage of uninitialized lv_info and
        lvname structures (bnc#1012382).
    
      - PCI: altera: Fix bool initialization in
        tlp_read_packet() (bsc#1109806).
    
      - PCI: designware: Fix I/O space page leak (bsc#1109806).
    
      - PCI: designware: Fix pci_remap_iospace() failure path
        (bsc#1109806).
    
      - PCI: mvebu: Fix I/O space end address calculation
        (bnc#1012382).
    
      - PCI: OF: Fix I/O space page leak (bsc#1109806).
    
      - PCI: pciehp: Fix unprotected list iteration in IRQ
        handler (bsc#1109806).
    
      - PCI: shpchp: Fix AMD POGO identification (bsc#1109806).
    
      - PCI: Supply CPU physical address (not bus address) to
        iomem_is_exclusive() (bsc#1109806).
    
      - PCI: versatile: Fix I/O space page leak (bsc#1109806).
    
      - PCI: versatile: Fix pci_remap_iospace() failure path
        (bsc#1109806).
    
      - PCI: xgene: Fix I/O space page leak (bsc#1109806).
    
      - PCI: xilinx: Add missing of_node_put() (bsc#1109806).
    
      - perf powerpc: Fix callchain ip filtering (bnc#1012382).
    
      - perf powerpc: Fix callchain ip filtering when return
        address is in a register (bnc#1012382).
    
      - perf tools: Allow overriding MAX_NR_CPUS at compile time
        (bnc#1012382).
    
      - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468).
    
      - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to
        be compliant (bnc#1012382).
    
      - pipe: actually allow root to exceed the pipe buffer
        limit (git-fixes).
    
      - platform/x86: alienware-wmi: Correct a memory leak
        (bnc#1012382).
    
      - platform/x86: asus-nb-wmi: Add keymap entry for lid flip
        action on UX360 (bnc#1012382).
    
      - platform/x86: toshiba_acpi: Fix defined but not used
        build warnings (bnc#1012382).
    
      - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER
        (bsc#1094244).
    
      - powerpc/64s: move machine check SLB flushing to mm/slb.c
        (bsc#1094244).
    
      - powerpc/book3s: Fix MCE console messages for
        unrecoverable MCE (bsc#1094244).
    
      - powerpc/fadump: cleanup crash memory ranges support
        (bsc#1103269).
    
      - powerpc/fadump: re-register firmware-assisted dump if
        already registered (bsc#1108170, bsc#1108823).
    
      - powerpc: Fix size calculation using resource_size()
        (bnc#1012382).
    
      - powerpc/mce: Fix SLB rebolting during MCE recovery path
        (bsc#1094244).
    
      - powerpc/mce: Move 64-bit machine check code into mce.c
        (bsc#1094244).
    
      - powerpc/numa: Use associativity if VPHN hcall is
        successful (bsc#1110363).
    
      - powerpc/perf/hv-24x7: Fix off-by-one error in
        request_buffer check (git-fixes).
    
      - powerpc/powernv/ioda2: Reduce upper limit for DMA window
        size (bsc#1066223).
    
      - powerpc/powernv: opal_put_chars partial write fix
        (bnc#1012382).
    
      - powerpc/powernv: Rename machine_check_pSeries_early() to
        powernv (bsc#1094244).
    
      - powerpc/pseries: Avoid using the size greater than
        RTAS_ERROR_LOG_MAX (bnc#1012382).
    
      - powerpc/pseries: Defer the logging of rtas error to irq
        work queue (bsc#1094244).
    
      - powerpc/pseries: Define MCE error event section
        (bsc#1094244).
    
      - powerpc/pseries: Disable CPU hotplug across migrations
        (bsc#1066223).
    
      - powerpc/pseries: Display machine check error details
        (bsc#1094244).
    
      - powerpc/pseries: Dump the SLB contents on SLB MCE errors
        (bsc#1094244).
    
      - powerpc/pseries: Flush SLB contents on SLB MCE errors
        (bsc#1094244).
    
      - powerpc/pseries: Remove prrn_work workqueue
        (bsc#1102495, bsc#1109337).
    
      - powerpc/pseries: Remove unneeded uses of dlpar work
        queue (bsc#1102495, bsc#1109337).
    
      - powerpc/tm: Avoid possible userspace r1 corruption on
        reclaim (bsc#1109333).
    
      - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
    
      - printk: do not spin in printk when in nmi (bsc#1094244).
    
      - pstore: Fix incorrect persistent ram buffer mapping
        (bnc#1012382).
    
      - rdma/cma: Do not ignore net namespace for unbound cm_id
        (bnc#1012382).
    
      - rdma/cma: Protect cma dev list with lock (bnc#1012382).
    
      - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc
        header (bsc#1082979).
    
      - reiserfs: change j_timestamp type to time64_t
        (bnc#1012382).
    
      - Revert 'ARM: imx_v6_v7_defconfig: Select ULPI support'
        (bnc#1012382).
    
      - Revert 'dma-buf/sync-file: Avoid enable fence signaling
        if poll(.timeout=0)' (bsc#1111363).
    
      - Revert 'Drop kernel trampoline stack.' This reverts
        commit 85dead31706c1c1755adff90405ff9861c39c704.
    
      - Revert 'kabi/severities: Ignore missing cpu_tss_tramp
        (bsc#1099597)' This reverts commit
        edde1f21880e3bfe244c6f98a3733b05b13533dc.
    
      - Revert 'mm: get rid of vmacache_flush_all() entirely'
        (kabi).
    
      - Revert 'NFC: Fix the number of pipes' (kabi).
    
      - ring-buffer: Allow for rescheduling when removing pages
        (bnc#1012382).
    
      - rtc: bq4802: add error handling for devm_ioremap
        (bnc#1012382).
    
      - s390/dasd: fix hanging offline processing due to
        canceled worker (bnc#1012382).
    
      - s390/facilites: use stfle_fac_list array size for
        MAX_FACILITY_BIT (bnc#1108315, LTC#171326).
    
      - s390/lib: use expoline for all bcr instructions
        (LTC#171029 bnc#1012382 bnc#1106934).
    
      - s390/qeth: fix race in used-buffer accounting
        (bnc#1012382).
    
      - s390/qeth: reset layer2 attribute on layer switch
        (bnc#1012382).
    
      - s390/qeth: use vzalloc for QUERY OAT buffer
        (bnc#1108315, LTC#171527).
    
      - sched/fair: Fix bandwidth timer clock drift condition
        (Git-fixes).
    
      - sched/fair: Fix vruntime_normalized() for remote
        non-migration wakeup (Git-fixes).
    
      - sch_hhf: fix NULL pointer dereference on init failure
        (bnc#1012382).
    
      - sch_htb: fix crash on init failure (bnc#1012382).
    
      - sch_multiq: fix double free on init failure
        (bnc#1012382).
    
      - sch_netem: avoid NULL pointer deref on init failure
        (bnc#1012382).
    
      - sch_tbf: fix two NULL pointer dereferences on init
        failure (bnc#1012382).
    
      - scripts: modpost: check memory allocation results
        (bnc#1012382).
    
      - scsi: 3ware: fix return 0 on the error path of probe
        (bnc#1012382).
    
      - scsi: aic94xx: fix an error code in aic94xx_init()
        (bnc#1012382).
    
      - scsi: ipr: System hung while dlpar adding primary ipr
        adapter back (bsc#1109336).
    
      - scsi: qla2xxx: Add changes for devloss timeout in driver
        (bsc#1084427).
    
      - scsi: qla2xxx: Add FC-NVMe abort processing
        (bsc#1084427).
    
      - scsi: qla2xxx: Add longer window for chip reset
        (bsc#1094555).
    
      - scsi: qla2xxx: Avoid double completion of abort command
        (bsc#1094555).
    
      - scsi: qla2xxx: Cleanup code to improve FC-NVMe error
        handling (bsc#1084427).
    
      - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).
    
      - scsi: qla2xxx: correctly shift host byte (bsc#1094555).
    
      - scsi: qla2xxx: Correct setting of
        SAM_STAT_CHECK_CONDITION (bsc#1094555).
    
      - scsi: qla2xxx: Delete session for nport id change
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan
        (bsc#1084427).
    
      - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix double free bug after firmware
        timeout (bsc#1094555).
    
      - scsi: qla2xxx: Fix driver unload by shutting down chip
        (bsc#1094555).
    
      - scsi: qla2xxx: fix error message on <qla2400
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset
        (bsc#1084427).
    
      - scsi: qla2xxx: Fix function argument descriptions
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix Inquiry command being dropped in
        Target mode (bsc#1094555).
    
      - scsi: qla2xxx: Fix issue reported by static checker for
        qla2x00_els_dcmd2_sp_done() (bsc#1094555).
    
      - scsi: qla2xxx: Fix login retry count (bsc#1094555).
    
      - scsi: qla2xxx: Fix Management Server NPort handle
        reservation logic (bsc#1094555).
    
      - scsi: qla2xxx: Fix memory leak for allocating abort IOCB
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on
        PDB change (bsc#1084427).
    
      - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).
    
      - scsi: qla2xxx: Fix NPIV deletion by calling
        wait_for_sess_deletion (bsc#1094555).
    
      - scsi: qla2xxx: Fix race between switch cmd completion
        and timeout (bsc#1094555).
    
      - scsi: qla2xxx: Fix race condition between iocb timeout
        and initialisation (bsc#1094555).
    
      - scsi: qla2xxx: Fix redundant fc_rport registration
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix retry for PRLI RJT with reason of
        BUSY (bsc#1084427).
    
      - scsi: qla2xxx: Fix Rport and session state getting out
        of sync (bsc#1094555).
    
      - scsi: qla2xxx: Fix sending ADISC command for login
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix session state stuck in Get Port DB
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).
    
      - scsi: qla2xxx: Fix TMF and Multi-Queue config
        (bsc#1094555).
    
      - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).
    
      - scsi: qla2xxx: Fix unintialized List head crash
        (bsc#1094555).
    
      - scsi: qla2xxx: Flush mailbox commands on chip reset
        (bsc#1094555).
    
      - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).
    
      - scsi: qla2xxx: Migrate NVME N2N handling into state
        machine (bsc#1094555).
    
      - scsi: qla2xxx: Move GPSC and GFPNID out of session
        management (bsc#1094555).
    
      - scsi: qla2xxx: Prevent relogin loop by removing stale
        code (bsc#1094555).
    
      - scsi: qla2xxx: Prevent sysfs access when chip is down
        (bsc#1094555).
    
      - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs
        (bsc#1094555).
    
      - scsi: qla2xxx: remove irq save in qla2x00_poll()
        (bsc#1094555).
    
      - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).
    
      - scsi: qla2xxx: Remove stale debug value for login_retry
        flag (bsc#1094555).
    
      - scsi: qla2xxx: Remove unneeded message and minor cleanup
        for FC-NVMe (bsc#1084427).
    
      - scsi: qla2xxx: Restore ZIO threshold setting
        (bsc#1084427).
    
      - scsi: qla2xxx: Return busy if rport going away
        (bsc#1084427).
    
      - scsi: qla2xxx: Save frame payload size from ICB
        (bsc#1094555).
    
      - scsi: qla2xxx: Set IIDMA and fcport state before
        qla_nvme_register_remote() (bsc#1084427).
    
      - scsi: qla2xxx: Silent erroneous message (bsc#1094555).
    
      - scsi: qla2xxx: Update driver version to 10.00.00.06-k
        (bsc#1084427).
    
      - scsi: qla2xxx: Update driver version to 10.00.00.07-k
        (bsc#1094555).
    
      - scsi: qla2xxx: Update driver version to 10.00.00.08-k
        (bsc#1094555).
    
      - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).
    
      - scsi: qla2xxx: Use predefined get_datalen_for_atio()
        inline function (bsc#1094555).
    
      - scsi: target: fix __transport_register_session locking
        (bnc#1012382).
    
      - selftests/powerpc: Kill child processes on SIGINT
        (bnc#1012382).
    
      - selftest: timers: Tweak raw_skew to SKIP when
        ADJ_OFFSET/other clock adjustments are in progress
        (bnc#1012382).
    
      - selinux: use GFP_NOWAIT in the AVC kmem_caches
        (bnc#1012382).
    
      - smb3: fix reset of bytes read and written stats
        (bnc#1012382).
    
      - SMB3: Number of requests sent should be displayed for
        SMB3 not just CIFS (bnc#1012382).
    
      - srcu: Allow use of Tiny/Tree SRCU from both process and
        interrupt context (bsc#1050549).
    
      - staging: android: ion: fix ION_IOC_(MAP,SHARE)
        use-after-free (bnc#1012382).
    
      - staging: comedi: ni_mio_common: fix subdevice flags for
        PFI subdevice (bnc#1012382).
    
      - staging: rt5208: Fix a sleep-in-atomic bug in
        xd_copy_page (bnc#1012382).
    
      - staging/rts5208: Fix read overflow in memcpy
        (bnc#1012382).
    
      - stop_machine: Atomically queue and wake stopper threads
        (git-fixes).
    
      - tcp: do not restart timewait timer on rst reception
        (bnc#1012382).
    
      - Tools: hv: Fix a bug in the key delete code
        (bnc#1012382).
    
      - tty: Drop tty->count on tty_reopen() failure
        (bnc#1105428). As this depends on earlier tty patches,
        they were moved to the sorted section too.
    
      - tty: rocket: Fix possible buffer overwrite on
        register_PCI (bnc#1012382).
    
      - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382).
    
      - uio: potential double frees if __uio_register_device()
        fails (bnc#1012382).
    
      - Update
        patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-req
        uest.patch (bsc#1088087, bsc#1103156).
    
      - USB: add quirk for WORLDE Controller KS49 or Prodipe
        MIDI 49C USB controller (bnc#1012382).
    
      - USB: Add quirk to support DJI CineSSD (bnc#1012382).
    
      - usb: Avoid use-after-free by flushing endpoints early in
        usb_set_interface() (bnc#1012382).
    
      - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
        service_outstanding_interrupt() (bnc#1012382).
    
      - usb: Do not die twice if PCI xhci host is not responding
        in resume (bnc#1012382).
    
      - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug
        in u132_get_frame() (bnc#1012382).
    
      - usbip: vhci_sysfs: fix potential Spectre v1
        (bsc#1096547).
    
      - usb: misc: uss720: Fix two sleep-in-atomic-context bugs
        (bnc#1012382).
    
      - USB: net2280: Fix erroneous synchronization change
        (bnc#1012382).
    
      - USB: serial: io_ti: fix array underflow in completion
        handler (bnc#1012382).
    
      - USB: serial: ti_usb_3410_5052: fix array underflow in
        completion handler (bnc#1012382).
    
      - USB: yurex: Fix buffer over-read in yurex_write()
        (bnc#1012382).
    
      - VFS: do not test owner for NFS in set_posix_acl()
        (bsc#1103405).
    
      - video: goldfishfb: fix memory leak on driver remove
        (bnc#1012382).
    
      - vmw_balloon: include asm/io.h (bnc#1012382).
    
      - vti6: remove !skb->ignore_df check from vti6_xmit()
        (bnc#1012382).
    
      - watchdog: w83627hf: Added NCT6102D support
        (bsc#1106434).
    
      - watchdog: w83627hf_wdt: Add quirk for Inves system
        (bsc#1106434).
    
      - x86/apic: Fix restoring boot IRQ mode in reboot and
        kexec/kdump (bsc#1110006).
    
      - x86/apic: Split disable_IO_APIC() into two functions to
        fix CONFIG_KEXEC_JUMP=y (bsc#1110006).
    
      - x86/apic: Split out restore_boot_irq_mode() from
        disable_IO_APIC() (bsc#1110006).
    
      - x86/boot: Fix 'run_size' calculation (bsc#1110006).
    
      - x86/entry/64: Remove %ebx handling from error_entry/exit
        (bnc#1102715).
    
      - x86/kaiser: Avoid loosing NMIs when using trampoline
        stack (bsc#1106293 bsc#1099597).
    
      - x86/mm: Remove in_nmi() warning from vmalloc_fault()
        (bnc#1012382).
    
      - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE
        defines (bsc#1110006).
    
      - x86/pae: use 64 bit atomic xchg function in
        native_ptep_get_and_clear (bnc#1012382).
    
      - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
        (bnc#1012382).
    
      - x86/vdso: Fix asm constraints on vDSO syscall fallbacks
        (bsc#1110006).
    
      - x86/vdso: Fix vDSO build if a retpoline is emitted
        (bsc#1110006).
    
      - x86/vdso: Fix vDSO syscall fallback asm constraint
        regression (bsc#1110006).
    
      - x86/vdso: Only enable vDSO retpolines when enabled and
        supported (bsc#1110006).
    
      - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).
    
      - xen/blkfront: correct purging of persistent grants
        (bnc#1065600).
    
      - xen: issue warning message when out of grant maptrack
        entries (bsc#1105795).
    
      - xen/netfront: do not bug in case of too many frags
        (bnc#1012382).
    
      - xen-netfront: fix queue name setting (bnc#1012382).
    
      - xen/netfront: fix waiting for xenbus state change
        (bnc#1012382).
    
      - xen-netfront: fix warn message as irq device name has
        '/' (bnc#1012382).
    
      - xen/x86/vpmu: Zero struct pt_regs before calling into
        sample handling code (bnc#1012382).
    
      - xfs: add a new xfs_iext_lookup_extent_before helper
        (bsc#1095344).
    
      - xfs: add asserts for the mmap lock in
        xfs_(insert,collapse)_file_space (bsc#1095344).
    
      - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).
    
      - xfs: add a xfs_iext_update_extent helper (bsc#1095344).
    
      - xfs: add comments documenting the rebalance algorithm
        (bsc#1095344).
    
      - xfs: add some comments to
        xfs_iext_insert/xfs_iext_insert_node (bsc#1095344).
    
      - xfs: add xfs_trim_extent (bsc#1095344).
    
      - xfs: allow unaligned extent records in
        xfs_bmbt_disk_set_all (bsc#1095344).
    
      - xfs: borrow indirect blocks from freed extent when
        available (bsc#1095344).
    
      - xfs: cleanup xfs_bmap_last_before (bsc#1095344).
    
      - xfs: do not create overlapping extents in
        xfs_bmap_add_extent_delay_real (bsc#1095344).
    
      - xfs: do not rely on extent indices in
        xfs_bmap_collapse_extents (bsc#1095344).
    
      - xfs: do not rely on extent indices in
        xfs_bmap_insert_extents (bsc#1095344).
    
      - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi
        (bsc#1095344).
    
      - xfs: during btree split, save new block key & ptr for
        future insertion (bsc#1095344).
    
      - xfs: factor out a helper to initialize a local format
        inode fork (bsc#1095344).
    
      - xfs: fix memory leak in xfs_iext_free_last_leaf
        (bsc#1095344).
    
      - xfs: fix number of records handling in
        xfs_iext_split_leaf (bsc#1095344).
    
      - xfs: fix transaction allocation deadlock in IO path
        (bsc#1090535).
    
      - xfs: handle indlen shortage on delalloc extent merge
        (bsc#1095344).
    
      - xfs: handle zero entries case in xfs_iext_rebalance_leaf
        (bsc#1095344).
    
      - xfs: improve kmem_realloc (bsc#1095344).
    
      - xfs: inline xfs_shift_file_space into callers
        (bsc#1095344).
    
      - xfs: introduce the xfs_iext_cursor abstraction
        (bsc#1095344).
    
      - xfs: iterate over extents in xfs_bmap_extents_to_btree
        (bsc#1095344).
    
      - xfs: iterate over extents in xfs_iextents_copy
        (bsc#1095344).
    
      - xfs: make better use of the 'state' variable in
        xfs_bmap_del_extent_real (bsc#1095344).
    
      - xfs: merge xfs_bmap_read_extents into xfs_iread_extents
        (bsc#1095344).
    
      - xfs: move pre/post-bmap tracing into
        xfs_iext_update_extent (bsc#1095344).
    
      - xfs: move some code around inside xfs_bmap_shift_extents
        (bsc#1095344).
    
      - xfs: move some more code into xfs_bmap_del_extent_real
        (bsc#1095344).
    
      - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h
        (bsc#1095344).
    
      - xfs: move xfs_iext_insert tracepoint to report useful
        information (bsc#1095344).
    
      - xfs: new inode extent list lookup helpers (bsc#1095344).
    
      - xfs: only run torn log write detection on dirty logs
        (bsc#1095753).
    
      - xfs: pass an on-disk extent to xfs_bmbt_validate_extent
        (bsc#1095344).
    
      - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq
        (bsc#1095344).
    
      - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update
        (bsc#1095344).
    
      - xfs: pass struct xfs_bmbt_irec to
        xfs_bmbt_validate_extent (bsc#1095344).
    
      - xfs: provide helper for counting extents from if_bytes
        (bsc#1095344).
    
      - xfs: refactor delalloc accounting in
        xfs_bmap_add_extent_delay_real (bsc#1095344).
    
      - xfs: refactor delalloc indlen reservation split into
        helper (bsc#1095344).
    
      - xfs: refactor dir2 leaf readahead shadow buffer
        cleverness (bsc#1095344).
    
      - xfs: refactor in-core log state update to helper
        (bsc#1095753).
    
      - xfs: refactor unmount record detection into helper
        (bsc#1095753).
    
      - xfs: refactor xfs_bmap_add_extent_delay_real
        (bsc#1095344).
    
      - xfs: refactor xfs_bmap_add_extent_hole_delay
        (bsc#1095344).
    
      - xfs: refactor xfs_bmap_add_extent_hole_real
        (bsc#1095344).
    
      - xfs: refactor xfs_bmap_add_extent_unwritten_real
        (bsc#1095344).
    
      - xfs: refactor xfs_bunmapi_cow (bsc#1095344).
    
      - xfs: refactor xfs_del_extent_real (bsc#1095344).
    
      - xfs: remove a duplicate assignment in
        xfs_bmap_add_extent_delay_real (bsc#1095344).
    
      - xfs: remove all xfs_bmbt_set_* helpers except for
        xfs_bmbt_set_all (bsc#1095344).
    
      - xfs: remove a superflous assignment in
        xfs_iext_remove_node (bsc#1095344).
    
      - xfs: remove if_rdev (bsc#1095344).
    
      - xfs: remove prev argument to xfs_bmapi_reserve_delalloc
        (bsc#1095344).
    
      - xfs: remove support for inlining data/extents into the
        inode fork (bsc#1095344).
    
      - xfs: remove the never fully implemented UUID fork format
        (bsc#1095344).
    
      - xfs: remove the nr_extents argument to xfs_iext_insert
        (bsc#1095344).
    
      - xfs: remove the nr_extents argument to xfs_iext_remove
        (bsc#1095344).
    
      - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).
    
      - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).
    
      - xfs: remove xfs_bmbt_get_state (bsc#1095344).
    
      - xfs: remove xfs_bmse_shift_one (bsc#1095344).
    
      - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).
    
      - xfs: replace xfs_bmbt_lookup_ge with
        xfs_bmbt_lookup_first (bsc#1095344).
    
      - xfs: replace xfs_qm_get_rtblks with a direct call to
        xfs_bmap_count_leaves (bsc#1095344).
    
      - xfs: rewrite getbmap using the xfs_iext_* helpers
        (bsc#1095344).
    
      - xfs: rewrite xfs_bmap_count_leaves using
        xfs_iext_get_extent (bsc#1095344).
    
      - xfs: rewrite xfs_bmap_first_unused to make better use of
        xfs_iext_get_extent (bsc#1095344).
    
      - xfs: separate log head record discovery from
        verification (bsc#1095753).
    
      - xfs: simplify the xfs_getbmap interface (bsc#1095344).
    
      - xfs: simplify validation of the unwritten extent bit
        (bsc#1095344).
    
      - xfs: split indlen reservations fairly when under
        reserved (bsc#1095344).
    
      - xfs: split xfs_bmap_shift_extents (bsc#1095344).
    
      - xfs: switch xfs_bmap_local_to_extents to use
        xfs_iext_insert (bsc#1095344).
    
      - xfs: treat idx as a cursor in
        xfs_bmap_add_extent_delay_real (bsc#1095344).
    
      - xfs: treat idx as a cursor in
        xfs_bmap_add_extent_hole_delay (bsc#1095344).
    
      - xfs: treat idx as a cursor in
        xfs_bmap_add_extent_hole_real (bsc#1095344).
    
      - xfs: treat idx as a cursor in
        xfs_bmap_add_extent_unwritten_real (bsc#1095344).
    
      - xfs: treat idx as a cursor in xfs_bmap_collapse_extents
        (bsc#1095344).
    
      - xfs: treat idx as a cursor in xfs_bmap_del_extent_*
        (bsc#1095344).
    
      - xfs: update freeblocks counter after extent deletion
        (bsc#1095344).
    
      - xfs: update got in xfs_bmap_shift_update_extent
        (bsc#1095344).
    
      - xfs: use a b+tree for the in-core extent list
        (bsc#1095344).
    
      - xfs: use correct state defines in
        xfs_bmap_del_extent_(cow,delay) (bsc#1095344).
    
      - xfs: use new extent lookup helpers in xfs_bmapi_read
        (bsc#1095344).
    
      - xfs: use new extent lookup helpers in xfs_bmapi_write
        (bsc#1095344).
    
      - xfs: use new extent lookup helpers in __xfs_bunmapi
        (bsc#1095344).
    
      - xfs: use the state defines in xfs_bmap_del_extent_real
        (bsc#1095344).
    
      - xfs: use xfs_bmap_del_extent_delay for the data fork as
        well (bsc#1095344).
    
      - xfs: use xfs_iext_*_extent helpers in
        xfs_bmap_shift_extents (bsc#1095344).
    
      - xfs: use xfs_iext_*_extent helpers in
        xfs_bmap_split_extent_at (bsc#1095344).
    
      - xfs: use xfs_iext_get_extent instead of open coding it
        (bsc#1095344).
    
      - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused
        (bsc#1095344).
    
      - xfrm: fix 'passing zero to ERR_PTR()' warning
        (bnc#1012382)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1044189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095753"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102877"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110611"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110613"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110615"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111363"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.159-73.2") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.159-73.2") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.159-73.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.159-73.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
    }