Vulnerabilities > CVE-2018-14634 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
redhat
canonical
netapp
CWE-190
nessus
exploit available

Summary

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Vulnerable Configurations

Part Description Count
OS
Linux
979
OS
Redhat
14
OS
Canonical
2
Application
Netapp
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Exploit-Db

descriptionLinux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation. CVE-2018-14634. Local exploit for Lin...
fileexploits/linux/local/45516.c
idEDB-ID:45516
last seen2018-10-07
modified2018-09-26
platformlinux
port
published2018-09-26
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45516/
titleLinux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
typelocal

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181009_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) - kernel: Integer overflow in Linux
    last seen2020-03-18
    modified2018-10-11
    plugin id118057
    published2018-10-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118057
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20181009)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118057);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-14634", "CVE-2018-5391");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20181009)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - A flaw named FragmentSmack was found in the way the
        Linux kernel handled reassembly of fragmented IPv4 and
        IPv6 packets. A remote attacker could use this flaw to
        trigger time and calculation expensive fragment
        reassembly algorithm by sending specially crafted
        packets which could lead to a CPU saturation and hence a
        denial of service on the system. (CVE-2018-5391)
    
      - kernel: Integer overflow in Linux's create_elf_tables
        function (CVE-2018-14634)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1810&L=scientific-linux-errata&F=&S=&P=6630
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ac90b8a1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-754.6.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-754.6.3.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1087.NASL
    descriptionNOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the 2018.03 AMI release. The advisory release date does not accurately reflect the date this was fixed. The actual date of the fix being released is: 2018-04-23. An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id117924
    published2018-10-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117924
    titleAmazon Linux AMI : kernel (ALAS-2018-1087)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-1087.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117924);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:05");
    
      script_cve_id("CVE-2018-14634");
      script_xref(name:"ALAS", value:"2018-1087");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2018-1087)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "NOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released
    with the 2018.03 AMI release. The advisory release date does not
    accurately reflect the date this was fixed. The actual date of the fix
    being released is: 2018-04-23.
    
    An integer overflow flaw was found in the Linux kernel's
    create_elf_tables() function. An unprivileged local user with access
    to SUID (or otherwise privileged) binary could use this flaw to
    escalate their privileges on the system. This issue has been give the
    code name Mutagen Astronomy.(CVE-2018-14634)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-1087.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "If you are already running a 4.14 kernel, no action is required.
    
    If you are running an older kernel, run 'yum update kernel' and reboot
    your instance to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.14.26-46.32.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.26-46.32.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel
    last seen2020-03-18
    modified2019-08-12
    plugin id127408
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127408
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0143. The text
    # itself is copyright (C) ZTE, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(127408);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
    
      script_cve_id(
        "CVE-2016-9555",
        "CVE-2017-5753",
        "CVE-2017-5754",
        "CVE-2017-7308",
        "CVE-2017-8824",
        "CVE-2017-13166",
        "CVE-2017-1000112",
        "CVE-2018-3639",
        "CVE-2018-3693",
        "CVE-2018-5390",
        "CVE-2018-5391",
        "CVE-2018-10675",
        "CVE-2018-10901",
        "CVE-2018-14634"
      );
      script_bugtraq_id(
        102371,
        102378,
        104976,
        105407,
        106128
      );
    
      script_name(english:"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple
    vulnerabilities:
    
      - A flaw was found in the Linux kernel's implementation of
        the SCTP protocol. A remote attacker could trigger an
        out-of-bounds read with an offset of up to 64kB
        potentially causing the system to crash. (CVE-2016-9555)
    
      - An exploitable memory corruption flaw was found in the
        Linux kernel. The append path can be erroneously
        switched from UFO to non-UFO in ip_ufo_append_data()
        when building an UFO packet with MSG_MORE option. If
        unprivileged user namespaces are available, this flaw
        can be exploited to gain root privileges.
        (CVE-2017-1000112)
    
      - A bug in the 32-bit compatibility layer of the ioctl
        handling code of the v4l2 video driver in the Linux
        kernel has been found. A memory protection mechanism
        ensuring that user-provided buffers always point to a
        userspace memory were disabled, allowing destination
        address to be in a kernel space. This flaw could be
        exploited by an attacker to overwrite a kernel memory
        from an unprivileged userspace process, leading to
        privilege escalation. (CVE-2017-13166)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions (a commonly used performance
        optimization). There are three primary variants of the
        issue which differ in the way the speculative execution
        can be exploited. Variant CVE-2017-5753 triggers the
        speculative execution by performing a bounds-check
        bypass. It relies on the presence of a precisely-defined
        instruction sequence in the privileged code as well as
        the fact that memory accesses may cause allocation into
        the microprocessor's data cache even for speculatively
        executed instructions that never actually commit
        (retire). As a result, an unprivileged attacker could
        use this flaw to cross the syscall boundary and read
        privileged memory by conducting targeted cache side-
        channel attacks. (CVE-2017-5753)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions (a commonly used performance
        optimization). There are three primary variants of the
        issue which differ in the way the speculative execution
        can be exploited. Variant CVE-2017-5754 relies on the
        fact that, on impacted microprocessors, during
        speculative execution of instruction permission faults,
        exception generation triggered by a faulting access is
        suppressed until the retirement of the whole instruction
        block. In a combination with the fact that memory
        accesses may populate the cache even when the block is
        being dropped and never committed (executed), an
        unprivileged local attacker could use this flaw to read
        privileged (kernel space) memory by conducting targeted
        cache side-channel attacks. Note: CVE-2017-5754 affects
        Intel x86-64 microprocessors. AMD x86-64 microprocessors
        are not affected by this issue. (CVE-2017-5754)
    
      - It was found that the packet_set_ring() function of the
        Linux kernel's networking implementation did not
        properly validate certain block-size data. A local
        attacker with CAP_NET_RAW capability could use this flaw
        to trigger a buffer overflow resulting in a system crash
        or a privilege escalation. (CVE-2017-7308)
    
      - A use-after-free vulnerability was found in DCCP socket
        code affecting the Linux kernel since 2.6.16. This
        vulnerability could allow an attacker to their escalate
        privileges. (CVE-2017-8824)
    
      - The do_get_mempolicy() function in mm/mempolicy.c in the
        Linux kernel allows local users to hit a use-after-free
        bug via crafted system calls and thus cause a denial of
        service (DoS) or possibly have unspecified other impact.
        Due to the nature of the flaw, privilege escalation
        cannot be fully ruled out. (CVE-2018-10675)
    
      - A flaw was found in Linux kernel's KVM virtualization
        subsystem. The VMX code does not restore the GDT.LIMIT
        to the previous host value, but instead sets it to 64KB.
        With a corrupted GDT limit a host's userspace code has
        an ability to place malicious entries in the GDT,
        particularly to the per-cpu variables. An attacker can
        use this to escalate their privileges. (CVE-2018-10901)
    
      - An integer overflow flaw was found in the Linux kernel's
        create_elf_tables() function. An unprivileged local user
        with access to SUID (or otherwise privileged) binary
        could use this flaw to escalate their privileges on the
        system. (CVE-2018-14634)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of Load & Store instructions (a commonly used
        performance optimization). It relies on the presence of
        a precisely-defined instruction sequence in the
        privileged code as well as the fact that memory read
        from address to which a recent memory write has occurred
        may see an older value and subsequently cause an update
        into the microprocessor's data cache even for
        speculatively executed instructions that never actually
        commit (retire). As a result, an unprivileged attacker
        could use this flaw to read privileged memory by
        conducting targeted cache side-channel attacks.
        (CVE-2018-3639)
    
      - An industry-wide issue was found in the way many modern
        microprocessor designs have implemented speculative
        execution of instructions past bounds check. The flaw
        relies on the presence of a precisely-defined
        instruction sequence in the privileged code and the fact
        that memory writes occur to an address which depends on
        the untrusted value. Such writes cause an update into
        the microprocessor's data cache even for speculatively
        executed instructions that never actually commit
        (retire). As a result, an unprivileged attacker could
        use this flaw to influence speculative execution and/or
        read privileged memory by conducting targeted cache
        side-channel attacks. (CVE-2018-3693)
    
      - A flaw named SegmentSmack was found in the way the Linux
        kernel handled specially crafted TCP packets. A remote
        attacker could use this flaw to trigger time and
        calculation expensive calls to tcp_collapse_ofo_queue()
        and tcp_prune_ofo_queue() functions by sending specially
        modified packets within ongoing TCP sessions which could
        lead to a CPU saturation and hence a denial of service
        on the system. Maintaining the denial of service
        condition requires continuous two-way TCP sessions to a
        reachable open port, thus the attacks cannot be
        performed using spoofed IP addresses. (CVE-2018-5390)
    
      - A flaw named FragmentSmack was found in the way the
        Linux kernel handled reassembly of fragmented IPv4 and
        IPv6 packets. A remote attacker could use this flaw to
        trigger time and calculation expensive fragment
        reassembly algorithm by sending specially crafted
        packets which could lead to a CPU saturation and hence a
        denial of service on the system. (CVE-2018-5391)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0143");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9555");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 4.05")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 4.05": [
        "kernel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-abi-whitelists-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debug-devel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-devel-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-doc-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-firmware-2.6.32-642.13.1.el6.cgsl7763",
        "kernel-headers-2.6.32-642.13.1.el6.cgsl7763",
        "perf-2.6.32-642.13.1.el6.cgsl7763",
        "perf-debuginfo-2.6.32-642.13.1.el6.cgsl7763",
        "python-perf-2.6.32-642.13.1.el6.cgsl7763",
        "python-perf-debuginfo-2.6.32-642.13.1.el6.cgsl7763"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL20934447.NASL
    descriptionAn integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id123136
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123136
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K20934447)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K20934447.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123136);
      script_version("1.8");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-14634");
    
      script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K20934447)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An integer overflow flaw was found in the Linux kernel's
    create_elf_tables() function. An unprivileged local user with access
    to SUID (or otherwise privileged) binary could use this flaw to
    escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x
    and 4.14.x are believed to be vulnerable. (CVE-2018-14634)
    
    Impact
    
    The default, standard, and recommended configuration for the BIG-IP
    configuration is to allow only root user access to the CLI. Therefore,
    local privilege escalations are mitigated by default. Any unprivileged
    local user may acquire elevated privileges."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K20934447"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K20934447."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K20934447";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["AFM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["AM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["APM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["ASM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["AVR"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["GTM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["LC"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["LTM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["PEM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.2.1-11.6.3");
    vmatrix["WAM"]["unaffected"] = make_list("15.0.0","14.1.0.6","14.0.1.1","13.1.1.5","12.1.5","11.6.4");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4234.NASL
    descriptionDescription of changes: [2.6.39-400.301.2.el6uek] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634}
    last seen2020-06-01
    modified2020-06-02
    plugin id117849
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117849
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4234)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2018-4234.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117849);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/27 13:00:39");
    
      script_cve_id("CVE-2018-14634");
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4234)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [2.6.39-400.301.2.el6uek]
    - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook)  [Orabug: 
    28710024]  {CVE-2018-14634}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-September/008099.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-14634");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2018-4234");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.301.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.301.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.301.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.301.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.301.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.301.2.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2908-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117824
    published2018-09-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117824
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2908-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117824);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-14634: Prevent integer overflow in create_elf_tables that
    allowed a local attacker to exploit this vulnerability via a SUID-root
    binary and obtain full root privileges (bsc#1108912)
    
    CVE-2018-14617: Prevent NULL pointer dereference and panic in
    hfsplus_lookup() when opening a file (that is purportedly a hard link)
    in an hfs+ filesystem that has malformed catalog data, and is mounted
    read-only without a metadata directory (bsc#1102870)
    
    CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in
    yurex_read allowed local attackers to use user access read/writes to
    crash the kernel or potentially escalate privileges (bsc#1106095)
    
    CVE-2018-12896: Prevent integer overflow in the POSIX timer code that
    was caused by the way the overrun accounting works. Depending on
    interval and expiry time values, the overrun can be larger than
    INT_MAX, but the accounting is int based. This basically made the
    accounting values, which are visible to user space via
    timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a
    local user to cause a denial of service (signed integer overflow) via
    crafted mmap, futex, timer_create, and timer_settime system calls
    (bnc#1099922)
    
    CVE-2018-13093: Prevent NULL pointer dereference and panic in
    lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
    corrupted xfs image. This occured because of a lack of proper
    validation that cached inodes are free during allocation (bnc#1100001)
    
    CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
    attackers to use a incorrect bounds check in the CDROM driver
    CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
    
    CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
    that could have been used by local attackers to read kernel memory
    (bnc#1107689)
    
    CVE-2018-6555: The irda_setsockopt function allowed local users to
    cause a denial of service (ias_object use-after-free and system crash)
    or possibly have unspecified other impact via an AF_IRDA socket
    (bnc#1106511)
    
    CVE-2018-6554: Prevent memory leak in the irda_bind function that
    allowed local users to cause a denial of service (memory consumption)
    by repeatedly binding an AF_IRDA socket (bnc#1106509)
    
    CVE-2018-10902: Protect against concurrent access to prevent double
    realloc (double free) in snd_rawmidi_input_params() and
    snd_rawmidi_output_status(). A malicious local attacker could have
    used this for privilege escalation (bnc#1105322)
    
    CVE-2018-10879: A local user could have caused a use-after-free in
    ext4_xattr_set_entry function and a denial of service or unspecified
    other impact by renaming a file in a crafted ext4 filesystem image
    (bsc#1099844)
    
    CVE-2018-10883: A local user could have caused an out-of-bounds write
    in jbd2_journal_dirty_metadata(), a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099863)
    
    CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4
    filesystem code when mounting and writing to a crafted ext4 image in
    ext4_update_inline_data(). An attacker could have used this to cause a
    system crash and a denial of service (bsc#1099845)
    
    CVE-2018-10882: A local user could have caused an out-of-bound write,
    a denial of service, and a system crash by unmounting a crafted ext4
    filesystem image (bsc#1099849)
    
    CVE-2018-10881: A local user could have caused an out-of-bound access
    in ext4_get_group_info function, a denial of service, and a system
    crash by mounting and operating on a crafted ext4 filesystem image
    (bsc#1099864)
    
    CVE-2018-10877: Prevent out-of-bound access in the
    ext4_ext_drop_refs() function when operating on a crafted ext4
    filesystem image (bsc#1099846)
    
    CVE-2018-10876: A use-after-free was possible in
    ext4_ext_remove_space() function when mounting and operating a crafted
    ext4 image (bsc#1099811)
    
    CVE-2018-10878: A local user could have caused an out-of-bounds write
    and a denial of service or unspecified other impact by mounting and
    operating a crafted ext4 filesystem image (bsc#1099813)
    
    CVE-2018-10853: The KVM hypervisor did not check current
    privilege(CPL) level while emulating unprivileged instructions. An
    unprivileged guest user/process could have used this flaw to
    potentially escalate privileges inside guest (bsc#1097104).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1097108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10853/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10876/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10877/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10878/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10879/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10880/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10881/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10882/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10883/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10940/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12896/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-13093/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14617/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14634/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16276/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16658/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6554/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6555/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182908-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e50fcd04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2018-2063=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2018-2063=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.104.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.104.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4250.NASL
    descriptionDescription of changes: [2.6.39-400.302.2.el6uek] - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id118107
    published2018-10-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118107
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4250)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3591.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118948
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118948
    titleRHEL 7 : kernel (RHSA-2018:3591)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2846.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118018
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118018
    titleCentOS 6 : kernel (CESA-2018:2846)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3586.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id119112
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119112
    titleRHEL 6 : MRG (RHSA-2018:3586)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2748.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id117773
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117773
    titleRHEL 7 : kernel (RHSA-2018:2748)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0034_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. (CVE-2017-1000365) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127202
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127202
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0034)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1087.NASL
    descriptionNOTE: CVE-2018-14634 was already fixed in the 4.14 kernel released with the Amazon Linux 2 LTS release. The advisory release date does not accurately reflect the date this was fixed. An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id118042
    published2018-10-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118042
    titleAmazon Linux 2 : kernel (ALAS-2018-1087)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2748.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id117829
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117829
    titleCentOS 7 : kernel (CESA-2018:2748)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1351.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An integer overflow flaw was found in the Linux kernel
    last seen2020-03-19
    modified2018-10-26
    plugin id118439
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118439
    titleEulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1351)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-072.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. - The Linux kernel imposes a size limit on the memory needed to store the arguments and environment variables of a process, 1/4 of the maximum stack size (RLIMIT_STACK). However, the pointers to these data were not taken into account, which allowed attackers to bypass the limit and even exhaust the stack of the process. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id121097
    published2019-01-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121097
    titleVirtuozzo 7 : readykernel-patch (VZA-2018-072)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4230.NASL
    descriptionDescription of changes: [4.1.12-124.19.6.el7uek] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28709994] {CVE-2018-14634}
    last seen2020-06-01
    modified2020-06-02
    plugin id117847
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117847
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4230)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4233.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.24.3.el7uek] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634}
    last seen2020-06-01
    modified2020-06-02
    plugin id117848
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117848
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4233)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2763.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id117776
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117776
    titleRHEL 7 : kernel-rt (RHSA-2018:2763)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3171-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_82 fixes several issues. The following security issues were fixed : CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-06-01
    modified2020-06-02
    plugin id118173
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118173
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3171-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2907-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912). CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117823
    published2018-09-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117823
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:2907-1)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2879-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870). CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095). CVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348). CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322) CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117820
    published2018-09-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117820
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:2879-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3643.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id119075
    published2018-11-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119075
    titleRHEL 6 : kernel (RHSA-2018:3643)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4245.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.25.1.el7uek] - x86/spectre_v2: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id118055
    published2018-10-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118055
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4245) (Foreshadow)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1362.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Integer overflow in Linux
    last seen2020-05-06
    modified2018-11-07
    plugin id118756
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118756
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1362)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2924.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118163
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118163
    titleRHEL 6 : kernel (RHSA-2018:2924)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180925_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: Integer overflow in Linux
    last seen2020-03-18
    modified2018-09-27
    plugin id117787
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117787
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20180925)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2846.NASL
    descriptionFrom Red Hat Security Advisory 2018:2846 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118025
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118025
    titleOracle Linux 6 : kernel (ELSA-2018-2846)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0261.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28709994] (CVE-2018-14634)
    last seen2020-06-01
    modified2020-06-02
    plugin id117846
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117846
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0261)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1410.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id119899
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119899
    titleEulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1410)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1513.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the
    last seen2020-03-19
    modified2019-05-15
    plugin id125101
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125101
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3775-1.NASL
    descriptionIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594) It was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572) It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges. (CVE-2018-14634) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633) It was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117869
    published2018-10-02
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117869
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3775-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2933.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118165
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118165
    titleRHEL 6 : kernel (RHSA-2018:2933)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1360.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in Linux
    last seen2020-05-06
    modified2018-11-06
    plugin id118743
    published2018-11-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118743
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1360)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1511.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls.(CVE-2018-1130) - An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i1/4zi_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.(CVE-2018-13093) - An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.(CVE-2018-13094) - A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.(CVE-2018-13405) - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-03-19
    modified2019-05-13
    plugin id124833
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124833
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1511)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3540.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118946
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118946
    titleRHEL 7 : kernel (RHSA-2018:3540)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2748.NASL
    descriptionFrom Red Hat Security Advisory 2018:2748 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id117765
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117765
    titleOracle Linux 7 : kernel (ELSA-2018-2748)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2925.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118164
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118164
    titleRHEL 6 : kernel (RHSA-2018:2925)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-013.NASL
    descriptionAccording to the versions of the OVMF / anaconda / anaconda-core / anaconda-dracut / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. - It was discovered that a race condition between packet_do_bind() and packet_notifier() in the implementation of AF_PACKET could lead to use-after-free. An unprivileged user on the host or in a container could exploit this to crash the kernel or, potentially, to escalate their privileges in the system. - The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122611
    published2019-03-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122611
    titleVirtuozzo 7 : OVMF / anaconda / anaconda-core / anaconda-dracut / etc (VZA-2019-013)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network. (CVE-2016-8633) - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY, but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. (CVE-2017-1000365) - A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation. (CVE-2017-13166) - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id127233
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127233
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0049)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3590.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: out-of-bounds access in the show_timer function in kernel/time/ posix-timers.c (CVE-2017-18344) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118947
    published2018-11-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118947
    titleRHEL 7 : kernel (RHSA-2018:3590)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3238-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_136 fixes several issues. The following security issues were fixed : CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). CVE-2018-14634: An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable (bsc#1108963). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-06-01
    modified2020-06-02
    plugin id118223
    published2018-10-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118223
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3238-1)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-075.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. - An integer overflow flaw was found in the Linux kernel
    last seen2020-03-17
    modified2019-01-11
    plugin id121098
    published2019-01-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121098
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-075)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2846.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: Integer overflow in Linux
    last seen2020-06-01
    modified2020-06-02
    plugin id118028
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118028
    titleRHEL 6 : kernel (RHSA-2018:2846)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3083-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912) CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870) CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095) CVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922) CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occured because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001) CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903) CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689) CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511) CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509) CVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104) CVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322). CVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844) CVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863) CVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could have used this to cause a system crash and a denial of service (bsc#1099845) CVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849) CVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864) CVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846) CVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811) CVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813) CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118033
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118033
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)
  • NASL familyPalo Alto Local Security Checks
    NASL idPALO_ALTO_PAN-SA-2019-0006.NASL
    descriptionThe version of Palo Alto Networks PAN-OS running on the remote host is prior to 7.1.23 or 8.0.x prior to 8.0.16 or 8.1.x prior to 8.1.7. It is, therefore, affected by an integer overflow vulnerability exists in the Linux Kernel of PAN-OS. An authenticated, local attacker can exploit this, via execution of arbitrary code in chained attack. (CVE-2018-14634)
    last seen2020-06-01
    modified2020-06-02
    plugin id123079
    published2019-03-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123079
    titlePalo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Integer Overflow Vulnerability (PAN-SA-2019-0006)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1368.NASL
    descriptionAccording to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An integer overflow flaw was found in the Linux kernel
    last seen2020-03-19
    modified2018-11-21
    plugin id119059
    published2018-11-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119059
    titleEulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1368)

Redhat

advisories
  • bugzilla
    id1624498
    titleCVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-862.14.4.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20182748031
        • commentkernel earlier than 0:3.10.0-862.14.4.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20182748032
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748005
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748007
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748009
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748011
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748013
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748015
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentpython-perf is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748017
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748019
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748021
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentperf is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748023
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748027
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-862.14.4.el7
            ovaloval:com.redhat.rhsa:tst:20182748029
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
    rhsa
    idRHSA-2018:2748
    released2018-09-25
    severityImportant
    titleRHSA-2018:2748: kernel security and bug fix update (Important)
  • bugzilla
    id1624498
    titleCVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763001
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763003
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763005
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763007
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763011
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763013
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763015
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763017
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-862.14.4.rt56.821.el7
            ovaloval:com.redhat.rhsa:tst:20182763019
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
    rhsa
    idRHSA-2018:2763
    released2018-09-25
    severityImportant
    titleRHSA-2018:2763: kernel-rt security and bug fix update (Important)
  • rhsa
    idRHSA-2018:2846
  • rhsa
    idRHSA-2018:2924
  • rhsa
    idRHSA-2018:2925
  • rhsa
    idRHSA-2018:2933
  • rhsa
    idRHSA-2018:3540
  • rhsa
    idRHSA-2018:3586
  • rhsa
    idRHSA-2018:3590
  • rhsa
    idRHSA-2018:3591
  • rhsa
    idRHSA-2018:3643
rpms
  • kernel-0:3.10.0-862.14.4.el7
  • kernel-abi-whitelists-0:3.10.0-862.14.4.el7
  • kernel-bootwrapper-0:3.10.0-862.14.4.el7
  • kernel-debug-0:3.10.0-862.14.4.el7
  • kernel-debug-debuginfo-0:3.10.0-862.14.4.el7
  • kernel-debug-devel-0:3.10.0-862.14.4.el7
  • kernel-debuginfo-0:3.10.0-862.14.4.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.14.4.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.14.4.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.14.4.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.14.4.el7
  • kernel-devel-0:3.10.0-862.14.4.el7
  • kernel-doc-0:3.10.0-862.14.4.el7
  • kernel-headers-0:3.10.0-862.14.4.el7
  • kernel-kdump-0:3.10.0-862.14.4.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.14.4.el7
  • kernel-kdump-devel-0:3.10.0-862.14.4.el7
  • kernel-tools-0:3.10.0-862.14.4.el7
  • kernel-tools-debuginfo-0:3.10.0-862.14.4.el7
  • kernel-tools-libs-0:3.10.0-862.14.4.el7
  • kernel-tools-libs-devel-0:3.10.0-862.14.4.el7
  • perf-0:3.10.0-862.14.4.el7
  • perf-debuginfo-0:3.10.0-862.14.4.el7
  • python-perf-0:3.10.0-862.14.4.el7
  • python-perf-debuginfo-0:3.10.0-862.14.4.el7
  • kernel-rt-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debug-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debug-devel-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-devel-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-doc-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-kvm-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-trace-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-trace-devel-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-862.14.4.rt56.821.el7
  • kernel-0:2.6.32-754.6.3.el6
  • kernel-abi-whitelists-0:2.6.32-754.6.3.el6
  • kernel-bootwrapper-0:2.6.32-754.6.3.el6
  • kernel-debug-0:2.6.32-754.6.3.el6
  • kernel-debug-debuginfo-0:2.6.32-754.6.3.el6
  • kernel-debug-devel-0:2.6.32-754.6.3.el6
  • kernel-debuginfo-0:2.6.32-754.6.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.6.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.6.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.6.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.6.3.el6
  • kernel-devel-0:2.6.32-754.6.3.el6
  • kernel-doc-0:2.6.32-754.6.3.el6
  • kernel-firmware-0:2.6.32-754.6.3.el6
  • kernel-headers-0:2.6.32-754.6.3.el6
  • kernel-kdump-0:2.6.32-754.6.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.6.3.el6
  • kernel-kdump-devel-0:2.6.32-754.6.3.el6
  • perf-0:2.6.32-754.6.3.el6
  • perf-debuginfo-0:2.6.32-754.6.3.el6
  • python-perf-0:2.6.32-754.6.3.el6
  • python-perf-debuginfo-0:2.6.32-754.6.3.el6
  • kernel-0:2.6.32-504.76.2.el6
  • kernel-abi-whitelists-0:2.6.32-504.76.2.el6
  • kernel-debug-0:2.6.32-504.76.2.el6
  • kernel-debug-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-debug-devel-0:2.6.32-504.76.2.el6
  • kernel-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.76.2.el6
  • kernel-devel-0:2.6.32-504.76.2.el6
  • kernel-doc-0:2.6.32-504.76.2.el6
  • kernel-firmware-0:2.6.32-504.76.2.el6
  • kernel-headers-0:2.6.32-504.76.2.el6
  • perf-0:2.6.32-504.76.2.el6
  • perf-debuginfo-0:2.6.32-504.76.2.el6
  • python-perf-0:2.6.32-504.76.2.el6
  • python-perf-debuginfo-0:2.6.32-504.76.2.el6
  • kernel-0:2.6.32-573.65.2.el6
  • kernel-abi-whitelists-0:2.6.32-573.65.2.el6
  • kernel-bootwrapper-0:2.6.32-573.65.2.el6
  • kernel-debug-0:2.6.32-573.65.2.el6
  • kernel-debug-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-debug-devel-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.65.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.65.2.el6
  • kernel-devel-0:2.6.32-573.65.2.el6
  • kernel-doc-0:2.6.32-573.65.2.el6
  • kernel-firmware-0:2.6.32-573.65.2.el6
  • kernel-headers-0:2.6.32-573.65.2.el6
  • kernel-kdump-0:2.6.32-573.65.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-kdump-devel-0:2.6.32-573.65.2.el6
  • perf-0:2.6.32-573.65.2.el6
  • perf-debuginfo-0:2.6.32-573.65.2.el6
  • python-perf-0:2.6.32-573.65.2.el6
  • python-perf-debuginfo-0:2.6.32-573.65.2.el6
  • kernel-0:2.6.32-431.93.2.el6
  • kernel-abi-whitelists-0:2.6.32-431.93.2.el6
  • kernel-debug-0:2.6.32-431.93.2.el6
  • kernel-debug-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-debug-devel-0:2.6.32-431.93.2.el6
  • kernel-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.93.2.el6
  • kernel-devel-0:2.6.32-431.93.2.el6
  • kernel-doc-0:2.6.32-431.93.2.el6
  • kernel-firmware-0:2.6.32-431.93.2.el6
  • kernel-headers-0:2.6.32-431.93.2.el6
  • perf-0:2.6.32-431.93.2.el6
  • perf-debuginfo-0:2.6.32-431.93.2.el6
  • python-perf-0:2.6.32-431.93.2.el6
  • python-perf-debuginfo-0:2.6.32-431.93.2.el6
  • kernel-0:3.10.0-693.43.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.43.1.el7
  • kernel-bootwrapper-0:3.10.0-693.43.1.el7
  • kernel-debug-0:3.10.0-693.43.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-debug-devel-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.43.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.43.1.el7
  • kernel-devel-0:3.10.0-693.43.1.el7
  • kernel-doc-0:3.10.0-693.43.1.el7
  • kernel-headers-0:3.10.0-693.43.1.el7
  • kernel-kdump-0:3.10.0-693.43.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-kdump-devel-0:3.10.0-693.43.1.el7
  • kernel-tools-0:3.10.0-693.43.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-tools-libs-0:3.10.0-693.43.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.43.1.el7
  • perf-0:3.10.0-693.43.1.el7
  • perf-debuginfo-0:3.10.0-693.43.1.el7
  • python-perf-0:3.10.0-693.43.1.el7
  • python-perf-debuginfo-0:3.10.0-693.43.1.el7
  • kernel-rt-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-doc-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-firmware-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.43.1.rt56.630.el6rt
  • kernel-0:3.10.0-327.76.1.el7
  • kernel-abi-whitelists-0:3.10.0-327.76.1.el7
  • kernel-debug-0:3.10.0-327.76.1.el7
  • kernel-debug-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-debug-devel-0:3.10.0-327.76.1.el7
  • kernel-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.76.1.el7
  • kernel-devel-0:3.10.0-327.76.1.el7
  • kernel-doc-0:3.10.0-327.76.1.el7
  • kernel-headers-0:3.10.0-327.76.1.el7
  • kernel-tools-0:3.10.0-327.76.1.el7
  • kernel-tools-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-tools-libs-0:3.10.0-327.76.1.el7
  • kernel-tools-libs-devel-0:3.10.0-327.76.1.el7
  • perf-0:3.10.0-327.76.1.el7
  • perf-debuginfo-0:3.10.0-327.76.1.el7
  • python-perf-0:3.10.0-327.76.1.el7
  • python-perf-debuginfo-0:3.10.0-327.76.1.el7
  • kernel-0:3.10.0-514.61.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.61.1.el7
  • kernel-bootwrapper-0:3.10.0-514.61.1.el7
  • kernel-debug-0:3.10.0-514.61.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.61.1.el7
  • kernel-debug-devel-0:3.10.0-514.61.1.el7
  • kernel-debuginfo-0:3.10.0-514.61.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.61.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.61.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.61.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.61.1.el7
  • kernel-devel-0:3.10.0-514.61.1.el7
  • kernel-doc-0:3.10.0-514.61.1.el7
  • kernel-headers-0:3.10.0-514.61.1.el7
  • kernel-kdump-0:3.10.0-514.61.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.61.1.el7
  • kernel-kdump-devel-0:3.10.0-514.61.1.el7
  • kernel-tools-0:3.10.0-514.61.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.61.1.el7
  • kernel-tools-libs-0:3.10.0-514.61.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.61.1.el7
  • perf-0:3.10.0-514.61.1.el7
  • perf-debuginfo-0:3.10.0-514.61.1.el7
  • python-perf-0:3.10.0-514.61.1.el7
  • python-perf-debuginfo-0:3.10.0-514.61.1.el7
  • kernel-0:2.6.32-358.94.1.el6
  • kernel-debug-0:2.6.32-358.94.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.94.1.el6
  • kernel-debug-devel-0:2.6.32-358.94.1.el6
  • kernel-debuginfo-0:2.6.32-358.94.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.94.1.el6
  • kernel-devel-0:2.6.32-358.94.1.el6
  • kernel-doc-0:2.6.32-358.94.1.el6
  • kernel-firmware-0:2.6.32-358.94.1.el6
  • kernel-headers-0:2.6.32-358.94.1.el6
  • perf-0:2.6.32-358.94.1.el6
  • perf-debuginfo-0:2.6.32-358.94.1.el6
  • python-perf-0:2.6.32-358.94.1.el6
  • python-perf-debuginfo-0:2.6.32-358.94.1.el6

The Hacker News

idTHN:E895DCB05CD71F3E251E0F953DC4C77F
last seen2018-09-27
modified2018-09-27
published2018-09-26
reporterThe Hacker News
sourcehttps://thehackernews.com/2018/09/linux-kernel-vulnerability.html
titleNew Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions