Vulnerabilities > CVE-2018-18397 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
linux
redhat
canonical
CWE-863
nessus
NVD
Published: 2018-12-12
Updated: 2020-08-24

Summary

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

Vulnerable Configurations

Part Description Count
OS
Linux
3013
OS
Redhat
10
OS
Canonical
4
Application
Redhat
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0831.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: lack of check for mmap minimum address in expand_downwards in mm/ mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213) * kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service (CVE-2018-18386) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) * kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053) * kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Failed to boot with ftrace=function in kvm with 2vcpu (BZ#1501024) * [ALT-7.5][x86_64] perf test 63 - inet_pton fails on x86_64 (BZ#1518836) * BUG: potential out-of-bounds string access when forcing a SELinux label on a file (BZ#1595706) * stack out-of-bounds in smb{2,3}_create_lease_buf() on SMB2/SMB3 mounts (BZ# 1598757) * [ALT-7.6][KVM][PANIC] ltp/lite proc01 - Unable to handle kernel paging request at virtual address ffff7fe000200018 (BZ#1623193) * Kernel lock up due to read/write lock (BZ#1636261) * [RHEL-ALT] Fix potential Spectre v1 in tty code (BZ#1639679) * [Huawei AArch64 7.6 Bug] HNS3: Vlan on HNS3 NIC cannot communicate (BZ# 1639713) * [RHEL7.6-ALT][AWS] backport
    last seen2020-06-01
    modified2020-06-02
    plugin id124257
    published2019-04-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124257
    titleRHEL 7 : kernel-alt (RHSA-2019:0831)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2019:0831. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124257);
  script_version("1.7");
  script_cvs_date("Date: 2020/01/24");

  script_cve_id("CVE-2018-13053", "CVE-2018-13094", "CVE-2018-14734", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18397", "CVE-2019-9213");
  script_xref(name:"RHSA", value:"2019:0831");

  script_name(english:"RHEL 7 : kernel-alt (RHSA-2019:0831)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel-alt is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es) :

* kernel: lack of check for mmap minimum address in expand_downwards
in mm/ mmap.c leads to NULL pointer dereferences exploit on non-SMAP
platforms (CVE-2019-9213)

* kernel: use-after-free in ucma_leave_multicast in
drivers/infiniband/core/ ucma.c (CVE-2018-14734)

* kernel: Unprivileged users able to inspect kernel stacks of
arbitrary tasks (CVE-2018-17972)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of
service (CVE-2018-18386)

* kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)

* kernel: Integer overflow in the alarm_timer_nsleep function
(CVE-2018-13053)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function
(CVE-2018-13094)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Bug Fix(es) :

* Failed to boot with ftrace=function in kvm with 2vcpu (BZ#1501024)

* [ALT-7.5][x86_64] perf test 63 - inet_pton fails on x86_64
(BZ#1518836)

* BUG: potential out-of-bounds string access when forcing a SELinux
label on a file (BZ#1595706)

* stack out-of-bounds in smb{2,3}_create_lease_buf() on SMB2/SMB3
mounts (BZ# 1598757)

* [ALT-7.6][KVM][PANIC] ltp/lite proc01 - Unable to handle kernel
paging request at virtual address ffff7fe000200018 (BZ#1623193)

* Kernel lock up due to read/write lock (BZ#1636261)

* [RHEL-ALT] Fix potential Spectre v1 in tty code (BZ#1639679)

* [Huawei AArch64 7.6 Bug] HNS3: Vlan on HNS3 NIC cannot communicate
(BZ# 1639713)

* [RHEL7.6-ALT][AWS] backport 'nvme: update timeout module parameter
type' (BZ#1654958)

* ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm
(BZ#1663565)

* RHEL-Alt-7.6 - kernel: zcrypt: fix specification exception on z196
at ap probe (BZ#1670018)

* [Huawei AArch64 7.6 Bug] Flock over NFSv3 failed (BZ#1670650)

* [Huawei AArch64 7.6/7.6-z Bug] HNS3: if a single transmit
packet(skb) has more than 8 frags, will cause the NIC to be
unavailable (BZ#1677643)

* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1678922)

Users of kernel are advised to upgrade to these updated packages,
which fix these bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2019:0831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-13053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-13094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-14734"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-17972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-18281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-18386"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-18397"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-9213"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-13053", "CVE-2018-13094", "CVE-2018-14734", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18397", "CVE-2019-9213");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2019:0831");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2019:0831";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", reference:"kernel-doc-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-4.14.0-115.7.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-4.14.0-115.7.1.el7a")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
  }
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3903-2.NASL
    descriptionUSN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122669
    published2019-03-07
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122669
    titleUbuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3903-2)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3903-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122669);
  script_version("1.4");
  script_cvs_date("Date: 2019/09/18 12:31:49");

  script_cve_id("CVE-2018-16880", "CVE-2018-18397", "CVE-2019-6133");
  script_xref(name:"USN", value:"3903-2");

  script_name(english:"Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3903-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.

Jason Wang discovered that the vhost net driver in the Linux kernel
contained an out of bounds write vulnerability. An attacker in a guest
virtual machine could use this to cause a denial of service (host
system crash) or possibly execute arbitrary code in the host kernel.
(CVE-2018-16880)

Jann Horn discovered that the userfaultd implementation in the Linux
kernel did not properly restrict access to certain ioctls. A local
attacker could use this possibly to modify files. (CVE-2018-18397)

Jann Horn discovered a race condition in the fork() system call in the
Linux kernel. A local attacker could use this to gain access to
services that cache authorizations. (CVE-2019-6133).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3903-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-16880", "CVE-2018-18397", "CVE-2019-6133");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3903-2");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.18.0-1013-azure", pkgver:"4.18.0-1013.13~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.18.0-16-generic", pkgver:"4.18.0-16.17~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.18.0-16-generic-lpae", pkgver:"4.18.0-16.17~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.18.0-16-lowlatency", pkgver:"4.18.0-16.17~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.18.0-16-snapdragon", pkgver:"4.18.0-16.17~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-azure", pkgver:"4.18.0.1013.12")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-hwe-18.04", pkgver:"4.18.0.16.66")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae-hwe-18.04", pkgver:"4.18.0.16.66")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency-hwe-18.04", pkgver:"4.18.0.16.66")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon-hwe-18.04", pkgver:"4.18.0.16.66")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.18-azure / linux-image-4.18-generic / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-65.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841). - CVE-2018-14625: An attacker might have bene able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). - CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743). - CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). - CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). - CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656). - CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat
    last seen2020-03-18
    modified2019-01-22
    plugin id121289
    published2019-01-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121289
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-65)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-65.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(121289);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2013-2547", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18397", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-65)");
  script_summary(english:"Check for the openSUSE-2019-65 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 15.0 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

  - CVE-2018-19407: The vcpu_scan_ioapic function in
    arch/x86/kvm/x86.c allowed local users to cause a denial
    of service (NULL pointer dereference and BUG) via
    crafted system calls that reach a situation where ioapic
    is uninitialized (bnc#1116841).

  - CVE-2018-14625: An attacker might have bene able to have
    an uncontrolled read to kernel-memory from within a vm
    guest. A race condition between connect() and close()
    function may allow an attacker using the AF_VSOCK
    protocol to gather a 4 byte information leak or possibly
    intercept or corrupt AF_VSOCK messages destined to other
    clients (bnc#1106615).

  - CVE-2018-19985: The function hso_probe read if_num from
    the USB device (as an u8) and used it without a length
    check to index an array, resulting in an OOB memory read
    in hso_probe or hso_get_config_data that could be used
    by local attackers (bsc#1120743).

  - CVE-2018-16884: NFS41+ shares mounted in different
    network namespaces at the same time can make
    bc_svc_process() use wrong back-channel IDs and cause a
    use-after-free vulnerability. Thus a malicious container
    user can cause a host kernel memory corruption and a
    system panic. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out (bnc#1119946).

  - CVE-2018-20169: The USB subsystem mishandled size checks
    during the reading of an extra descriptor, related to
    __usb_get_extra_descriptor in drivers/usb/core/usb.c
    (bnc#1119714).

  - CVE-2018-18397: The userfaultfd implementation
    mishandled access control for certain UFFDIO_ ioctl
    calls, as demonstrated by allowing local users to write
    data into holes in a tmpfs file (if the user has
    read-only access to that file, and that file contains
    holes), related to fs/userfaultfd.c and mm/userfaultfd.c
    (bnc#1117656).

  - CVE-2018-12232: In net/socket.c there was a race
    condition between fchownat and close in cases where they
    target the same socket file descriptor, related to the
    sock_close and sockfs_setattr functions. fchownat did
    not increment the file descriptor reference count, which
    allowed close to set the socket to NULL during
    fchownat's execution, leading to a NULL pointer
    dereference and system crash (bnc#1097593).

  - CVE-2018-9568: In sk_clone_lock of sock.c, there is a
    possible memory corruption due to type confusion. This
    could lead to local escalation of privilege with no
    additional execution privileges needed. User interaction
    is not needed for exploitation. (bnc#1118319).

  - CVE-2018-16862: A security flaw was found in the way
    that the cleancache subsystem clears an inode after the
    final file truncation (removal). The new file created
    with the same inode may contain leftover pages from
    cleancache and the old file data instead of the new one
    (bnc#1117186).

  - CVE-2018-19854: An issue was discovered in the
    crypto_report_one() and related functions in
    crypto/crypto_user.c (the crypto user configuration API)
    do not fully initialize structures that are copied to
    userspace, potentially leaking sensitive memory to user
    programs. NOTE: this is a CVE-2013-2547 regression but
    with easier exploitability because the attacker did not
    need a capability (however, the system must have the
    CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).

  - CVE-2018-19824: A local user could exploit a
    use-after-free in the ALSA driver by supplying a
    malicious USB Sound device (with zero interfaces) that
    is mishandled in usb_audio_probe in sound/usb/card.c
    (bnc#1118152).

The following non-security bugs were fixed :

  - ACPI / CPPC: Check for valid PCC subspace only if PCC is
    used (bsc#1117115).

  - ACPI / CPPC: Update all pr_(debug/err) messages to log
    the susbspace id (bsc#1117115).

  - aio: fix spectre gadget in lookup_ioctx (bsc#1120594).

  - alsa: cs46xx: Potential NULL dereference in probe
    (bsc#1051510).

  - alsa: emu10k1: Fix potential Spectre v1 vulnerabilities
    (bsc#1051510).

  - alsa: emux: Fix potential Spectre v1 vulnerabilities
    (bsc#1051510).

  - alsa: fireface: fix for state to fetch PCM frames
    (bsc#1051510).

  - alsa: fireface: fix reference to wrong register for
    clock configuration (bsc#1051510).

  - alsa: firewire-lib: fix wrong assignment for
    'out_packet_without_header' tracepoint (bsc#1051510).

  - alsa: firewire-lib: fix wrong handling payload_length as
    payload_quadlet (bsc#1051510).

  - alsa: firewire-lib: use the same print format for
    'without_header' tracepoints (bsc#1051510).

  - alsa: hda: add mute LED support for HP EliteBook 840 G4
    (bsc#1051510).

  - alsa: hda: Add support for AMD Stoney Ridge
    (bsc#1051510).

  - alsa: hda/ca0132 - make pci_iounmap() call conditional
    (bsc#1051510).

  - alsa: hda: fix front speakers on Huawei MBXP
    (bsc#1051510).

  - alsa: hda/realtek - Add support for Acer Aspire C24-860
    headset mic (bsc#1051510).

  - alsa: hda/realtek - Add unplug function into unplug
    state of Headset Mode for ALC225 (bsc#1051510).

  - alsa: hda/realtek: ALC286 mic and headset-mode fixups
    for Acer Aspire U27-880 (bsc#1051510).

  - alsa: hda/realtek: ALC294 mic and headset-mode fixups
    for ASUS X542UN (bsc#1051510).

  - alsa: hda/realtek - Disable headset Mic VREF for headset
    mode of ALC225 (bsc#1051510).

  - alsa: hda/realtek: Enable audio jacks of ASUS UX391UA
    with ALC294 (bsc#1051510).

  - alsa: hda/realtek: Enable audio jacks of ASUS
    UX433FN/UX333FA with ALC294 (bsc#1051510).

  - alsa: hda/realtek: Enable audio jacks of ASUS UX533FD
    with ALC294 (bsc#1051510).

  - alsa: hda/realtek: Enable the headset mic auto detection
    for ASUS laptops (bsc#1051510).

  - alsa: hda/realtek - Fixed headphone issue for ALC700
    (bsc#1051510).

  - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton
    Z4660G (bsc#1051510).

  - alsa: hda/realtek: Fix mic issue on Acer AIO Veriton
    Z4860G/Z6860G (bsc#1051510).

  - alsa: hda/realtek - Fix speaker output regression on
    Thinkpad T570 (bsc#1051510).

  - alsa: hda/realtek - Fix the mute LED regresion on Lenovo
    X1 Carbon (bsc#1051510).

  - alsa: hda/realtek - Support Dell headset mode for New
    AIO platform (bsc#1051510).

  - alsa: hda/tegra: clear pending irq handlers
    (bsc#1051510).

  - alsa: pcm: Call snd_pcm_unlink() conditionally at
    closing (bsc#1051510).

  - alsa: pcm: Fix interval evaluation with openmin/max
    (bsc#1051510).

  - alsa: pcm: Fix potential Spectre v1 vulnerability
    (bsc#1051510).

  - alsa: pcm: Fix starvation on down_write_nonblock()
    (bsc#1051510).

  - alsa: rme9652: Fix potential Spectre v1 vulnerability
    (bsc#1051510).

  - alsa: trident: Suppress gcc string warning
    (bsc#1051510).

  - alsa: usb-audio: Add SMSL D1 to quirks for native DSD
    support (bsc#1051510).

  - alsa: usb-audio: Add support for Encore mDSD USB DAC
    (bsc#1051510).

  - alsa: usb-audio: Avoid access before bLength check in
    build_audio_procunit() (bsc#1051510).

  - alsa: usb-audio: Fix an out-of-bound read in
    create_composite_quirks (bsc#1051510).

  - alsa: x86: Fix runtime PM for hdmi-lpe-audio
    (bsc#1051510).

  - apparmor: do not try to replace stale label in ptrace
    access check (git-fixes).

  - apparmor: do not try to replace stale label in ptraceme
    check (git-fixes).

  - apparmor: Fix uninitialized value in aa_split_fqname
    (git-fixes).

  - arm64: Add work around for Arm Cortex-A55 Erratum
    1024718 (bsc#1120612).

  - arm64: atomics: Remove '&' from '+&' asm constraint in
    lse atomics (bsc#1120613).

  - arm64: cpu_errata: include required headers
    (bsc#1120615).

  - arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing
    (bsc#1120633).

  - arm64: Fix /proc/iomem for reserved but not memory
    regions (bsc#1120632).

  - arm64: lse: Add early clobbers to some input/output asm
    operands (bsc#1120614).

  - arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).

  - arm64: mm: always enable CONFIG_HOLES_IN_ZONE
    (bsc#1120617).

  - arm64/numa: Report correct memblock range for the dummy
    node (bsc#1120620).

  - arm64/numa: Unify common error path in numa_init()
    (bsc#1120621).

  - arm64: remove no-op -p linker flag (bsc#1120616).

  - ASoC: dapm: Recalculate audio map forcely when card
    instantiated (bsc#1051510).

  - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0
    quirk for Chromebook Clapper (bsc#1051510).

  - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0
    quirk for Chromebook Gnawty (bsc#1051510).

  - ASoC: intel: mrfld: fix uninitialized variable access
    (bsc#1051510).

  - ASoC: omap-abe-twl6040: Fix missing audio card caused by
    deferred probing (bsc#1051510).

  - ASoC: omap-dmic: Add pm_qos handling to avoid overruns
    with CPU_IDLE (bsc#1051510).

  - ASoC: omap-mcbsp: Fix latency value calculation for
    pm_qos (bsc#1051510).

  - ASoC: omap-mcpdm: Add pm_qos handling to avoid
    under/overruns with CPU_IDLE (bsc#1051510).

  - ASoC: rsnd: fixup clock start checker (bsc#1051510).

  - ASoC: wm_adsp: Fix dma-unsafe read of scratch registers
    (bsc#1051510).

  - ath10k: do not assume this is a PCI dev in generic code
    (bsc#1051510).

  - ath6kl: Only use match sets when firmware supports it
    (bsc#1051510).

  - b43: Fix error in cordic routine (bsc#1051510).

  - bcache: fix miss key refill->end in writeback
    (Git-fixes).

  - bcache: trace missed reading by cache_missed
    (Git-fixes).

  - blk-mq: remove synchronize_rcu() from
    blk_mq_del_queue_tag_set() (Git-fixes).

  - block: allow max_discard_segments to be stacked
    (Git-fixes).

  - block: blk_init_allocated_queue() set q->fq as NULL in
    the fail case (Git-fixes).

  - block: really disable runtime-pm for blk-mq (Git-fixes).

  - block: reset bi_iter.bi_done after splitting bio
    (Git-fixes).

  - block/swim: Fix array bounds check (Git-fixes).

  - bnxt_en: do not try to offload VLAN 'modify' action
    (bsc#1050242 ).

  - bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG
    request (bsc#1086282).

  - bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).

  - bnxt_en: get the reduced max_irqs by the ones used by
    RDMA (bsc#1050242).

  - bpf: fix check of allowed specifiers in bpf_trace_printk
    (bsc#1083647).

  - bpf: use per htab salt for bucket hash (git-fixes).

  - btrfs: Always try all copies when reading extent buffers
    (git-fixes).

  - btrfs: delete dead code in btrfs_orphan_add()
    (bsc#1111469).

  - btrfs: delete dead code in btrfs_orphan_commit_root()
    (bsc#1111469).

  - btrfs: do not BUG_ON() in btrfs_truncate_inode_items()
    (bsc#1111469).

  - btrfs: do not check inode's runtime flags under
    root->orphan_lock (bsc#1111469).

  - btrfs: do not return ino to ino cache if inode item
    removal fails (bsc#1111469).

  - btrfs: fix ENOSPC caused by orphan items reservations
    (bsc#1111469).

  - btrfs: Fix error handling in
    btrfs_cleanup_ordered_extents (git-fixes).

  - btrfs: fix error handling in btrfs_truncate()
    (bsc#1111469).

  - btrfs: fix error handling in
    btrfs_truncate_inode_items() (bsc#1111469).

  - btrfs: fix fsync of files with multiple hard links in
    new directories (1120173).

  - btrfs: Fix memory barriers usage with device stats
    counters (git-fixes).

  - btrfs: fix use-after-free on root->orphan_block_rsv
    (bsc#1111469).

  - btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM
    (bsc#1111469).

  - btrfs: get rid of unused orphan infrastructure
    (bsc#1111469).

  - btrfs: move btrfs_truncate_block out of trans handle
    (bsc#1111469).

  - btrfs: qgroup: Dirty all qgroups before rescan
    (bsc#1120036).

  - btrfs: refactor btrfs_evict_inode() reserve refill dance
    (bsc#1111469).

  - btrfs: renumber BTRFS_INODE_ runtime flags and switch to
    enums (bsc#1111469).

  - btrfs: reserve space for O_TMPFILE orphan item deletion
    (bsc#1111469).

  - btrfs: run delayed items before dropping the snapshot
    (bsc#1121263, bsc#1111188).

  - btrfs: stop creating orphan items for truncate
    (bsc#1111469).

  - btrfs: tree-checker: Do not check max block group size
    as current max chunk size limit is unreliable (fixes for
    bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,
    bsc#1102875).

  - btrfs: update stale comments referencing vmtruncate()
    (bsc#1111469).

  - can: flexcan: flexcan_irq(): fix indention
    (bsc#1051510).

  - cdrom: do not attempt to fiddle with cdo->capability
    (bsc#1051510).

  - ceph: do not update importing cap's mseq when handing
    cap export (bsc#1121273).

  - char_dev: extend dynamic allocation of majors into a
    higher range (bsc#1121058).

  - char_dev: Fix off-by-one bugs in find_dynamic_major()
    (bsc#1121058).

  - clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).

  - clk: mvebu: Off by one bugs in cp110_of_clk_get()
    (bsc#1051510).

  - compiler-gcc.h: Add __attribute__((gnu_inline)) to all
    inline declarations (git-fixes).

  - config: arm64: enable erratum 1024718

  - cpufeature: avoid warning when compiling with clang
    (Git-fixes).

  - cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC
    (bsc#1117115).

  - cpufreq: CPPC: fix build in absence of v3 support
    (bsc#1117115).

  - cpupower: remove stringop-truncation waring (git-fixes).

  - crypto: bcm - fix normal/non key hash algorithm failure
    (bsc#1051510).

  - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().

  - crypto: ccp - Add GET_ID SEV command ().

  - crypto: ccp - Add psp enabled message when
    initialization succeeds ().

  - crypto: ccp - Add support for new CCP/PSP device ID ().

  - crypto: ccp - Allow SEV firmware to be chosen based on
    Family and Model ().

  - crypto: ccp - Fix static checker warning ().

  - crypto: ccp - Remove unused #defines ().

  - crypto: ccp - Support register differences between PSP
    devices ().

  - dasd: fix deadlock in dasd_times_out (bsc#1121477,
    LTC#174111).

  - dax: Check page->mapping isn't NULL (bsc#1120054).

  - dax: Do not access a freed inode (bsc#1120055).

  - device property: Define type of PROPERTY_ENRTY_*()
    macros (bsc#1051510).

  - device property: fix fwnode_graph_get_next_endpoint()
    documentation (bsc#1051510).

  - disable stringop truncation warnings for now
    (git-fixes).

  - dm: allocate struct mapped_device with kvzalloc
    (Git-fixes).

  - dm cache: destroy migration_cache if cache target
    registration failed (Git-fixes).

  - dm cache: fix resize crash if user does not reload cache
    table (Git-fixes).

  - dm cache metadata: ignore hints array being too small
    during resize (Git-fixes).

  - dm cache metadata: save in-core policy_hint_size to
    on-disk superblock (Git-fixes).

  - dm cache metadata: set dirty on all cache blocks after a
    crash (Git-fixes).

  - dm cache: only allow a single io_mode cache feature to
    be requested (Git-fixes).

  - dm crypt: do not decrease device limits (Git-fixes).

  - dm: fix report zone remapping to account for partition
    offset (Git-fixes).

  - dm integrity: change 'suspending' variable from bool to
    int (Git-fixes).

  - dm ioctl: harden copy_params()'s copy_from_user() from
    malicious users (Git-fixes).

  - dm linear: eliminate linear_end_io call if
    CONFIG_DM_ZONED disabled (Git-fixes).

  - dm linear: fix linear_end_io conditional definition
    (Git-fixes).

  - dm thin: handle running out of data space vs concurrent
    discard (Git-fixes).

  - dm thin metadata: remove needless work from
    __commit_transaction (Git-fixes).

  - dm thin: stop no_space_timeout worker when switching to
    write-mode (Git-fixes).

  - dm writecache: fix a crash due to reading past end of
    dirty_bitmap (Git-fixes).

  - dm writecache: report start_sector in status line
    (Git-fixes).

  - dm zoned: fix metadata block ref counting (Git-fixes).

  - dm zoned: fix various dmz_get_mblock() issues
    (Git-fixes).

  - doc/README.SUSE: correct GIT url No more gitorious,
    github we use.

  - drivers/net/usb: add device id for TP-LINK UE300 USB 3.0
    Ethernet (bsc#1119749).

  - drivers/net/usb/r8152: remove the unneeded variable
    'ret' in rtl8152_system_suspend (bsc#1119749).

  - drm/amdgpu/gmc8: update MC firmware for polaris
    (bsc#1113722)

  - drm/amdgpu: update mc firmware image for polaris12
    variants (bsc#1113722)

  - drm/amdgpu: update SMC firmware image for polaris10
    variants (bsc#1113722)

  - drm/i915/execlists: Apply a full mb before execution for
    Braswell (bsc#1113722)

  - drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)

  - drm/nouveau/kms: Fix memory leak in nv50_mstm_del()
    (bsc#1113722)

  - drm: rcar-du: Fix external clock error checks
    (bsc#1113722)

  - drm: rcar-du: Fix vblank initialization (bsc#1113722)

  - drm/rockchip: psr: do not dereference encoder before it
    is null (bsc#1113722)

  - drm: set is_master to 0 upon drm_new_set_master()
    failure (bsc#1113722)

  - drm/vc4: Set ->is_yuv to false when num_planes == 1
    (bsc#1113722)

  - drm/vc4: ->x_scaling[1] should never be set to
    VC4_SCALING_NONE (bsc#1113722)

  - dt-bindings: add compatible string for Allwinner V3s SoC
    (git-fixes).

  - dt-bindings: arm: Document SoC compatible value for
    Armadillo-800 EVA (git-fixes).

  - dt-bindings: clock: add rk3399 DDR3 standard speed bins
    (git-fixes).

  - dt-bindings: clock: mediatek: add binding for
    fixed-factor clock axisel_d4 (git-fixes).

  - dt-bindings: mfd: axp20x: Add AXP806 to supported list
    of chips (git-fixes).

  - dt-bindings: net: Remove duplicate NSP Ethernet MAC
    binding document (git-fixes).

  - dt-bindings: panel: lvds: Fix path to display timing
    bindings (git-fixes).

  - dt-bindings: phy: sun4i-usb-phy: Add property
    descriptions for H3 (git-fixes).

  - dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop
    description (git-fixes).

  - dt-bindings: rcar-dmac: Document missing error interrupt
    (git-fixes).

  - edac, (i7core,sb,skx)_edac: Fix uncorrected error
    counting (bsc#1114279).

  - edac, skx_edac: Fix logical channel intermediate
    decoding (bsc#1114279).

  - efi: Move some sysfs files to be read-only by root
    (bsc#1051510).

  - ethernet: fman: fix wrong of_node_put() in probe
    function (bsc#1119017).

  - exportfs: fix 'passing zero to ERR_PTR()' warning
    (bsc#1118773).

  - ext2: fix potential use after free (bsc#1118775).

  - ext4: avoid possible double brelse() in add_new_gdb() on
    error path (bsc#1118760).

  - ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).

  - ext4: fix possible use after free in ext4_quota_enable
    (bsc#1120602).

  - ext4: missing unlock/put_page() in
    ext4_try_to_write_inline_data() (bsc#1120603).

  - extable: Consolidate *kernel_text_address() functions
    (bsc#1120092).

  - extable: Enable RCU if it is not watching in
    kernel_text_address() (bsc#1120092).

  - fbdev: fbcon: Fix unregister crash when more than one
    framebuffer (bsc#1113722)

  - fbdev: fbmem: behave better with small rotated displays
    and many CPUs (bsc#1113722)

  - firmware: add firmware_request_nowarn() - load firmware
    without warnings ().

  - Fix the breakage of KMP build on x86_64 (bsc#1121017)

  - fscache: Fix race in fscache_op_complete() due to split
    atomic_sub & read (Git-fixes).

  - fscache: Pass the correct cancelled indications to
    fscache_op_complete() (Git-fixes).

  - fs: fix lost error code in dio_complete (bsc#1118762).

  - fs/xfs: Use %pS printk format for direct addresses
    (git-fixes).

  - fuse: fix blocked_waitq wakeup (git-fixes).

  - fuse: fix leaked notify reply (git-fixes).

  - fuse: fix possibly missed wake-up after abort
    (git-fixes).

  - fuse: Fix use-after-free in fuse_dev_do_read()
    (git-fixes).

  - fuse: Fix use-after-free in fuse_dev_do_write()
    (git-fixes).

  - fuse: fix use-after-free in fuse_direct_IO()
    (git-fixes).

  - fuse: set FR_SENT while locked (git-fixes).

  - gcc-plugins: Add include required by GCC release 8
    (git-fixes).

  - gcc-plugins: Use dynamic initializers (git-fixes).

  - gfs2: Do not leave s_fs_info pointing to freed memory in
    init_sbd (bsc#1118769).

  - gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).

  - gfs2: Get rid of potential double-freeing in
    gfs2_create_inode (bsc#1120600).

  - gfs2_meta: ->mount() can get NULL dev_name
    (bsc#1118768).

  - gfs2: Put bitmap buffers in put_super (bsc#1118772).

  - git_sort.py: Remove non-existent remote tj/libata

  - gpio: davinci: Remove unused member of
    davinci_gpio_controller (git-fixes).

  - gpiolib-acpi: Only defer request_irq for GpioInt ACPI
    event handlers (bsc#1051510).

  - gpiolib: Fix return value of gpio_to_desc() stub if
    !GPIOLIB (bsc#1051510).

  - gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
    (bsc#1051510).

  - gpio: mvebu: only fail on missing clk if pwm is actually
    to be used (bsc#1051510).

  - HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).

  - HID: input: Ignore battery reported by Symbol DS4308
    (bsc#1051510).

  - HID: multitouch: Add pointstick support for Cirque
    Touchpad (bsc#1051510).

  - hwpoison, memory_hotplug: allow hwpoisoned pages to be
    offlined (bnc#1116336).

  - i2c: axxia: properly handle master timeout
    (bsc#1051510).

  - i2c: scmi: Fix probe error on devices with an empty
    SMB0001 ACPI device node (bsc#1051510).

  - ib/hfi1: Add mtu check for operational data VLs
    (bsc#1060463 ).

  - ibmvnic: Convert reset work item mutex to spin lock ().

  - ibmvnic: Fix non-atomic memory allocation in IRQ context
    ().

  - ib/rxe: support for 802.1q VLAN on the listener
    (bsc#1082387).

  - ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).

  - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON()
    on problem (bsc#1051510).

  - ieee802154: at86rf230: use __func__ macro for debug
    messages (bsc#1051510).

  - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on
    problem (bsc#1051510).

  - Include modules.fips in kernel-binary as well as
    kernel-binary-base ().

  - initramfs: fix initramfs rebuilds w/ compression after
    disabling (git-fixes).

  - input: add official Raspberry Pi's touchscreen driver
    ().

  - input: cros_ec_keyb - fix button/switch capability
    reports (bsc#1051510).

  - input: elan_i2c - add ACPI ID for Lenovo IdeaPad
    330-15ARR (bsc#1051510).

  - input: elan_i2c - add ELAN0620 to the ACPI table
    (bsc#1051510).

  - input: elan_i2c - add support for ELAN0621 touchpad
    (bsc#1051510).

  - input: hyper-v - fix wakeup from suspend-to-idle
    (bsc#1051510).

  - input: matrix_keypad - check for errors from
    of_get_named_gpio() (bsc#1051510).

  - input: nomadik-ske-keypad - fix a loop timeout test
    (bsc#1051510).

  - input: omap-keypad - fix keyboard debounce configuration
    (bsc#1051510).

  - input: synaptics - add PNP ID for ThinkPad P50 to SMBus
    (bsc#1051510).

  - input: synaptics - enable SMBus for HP 15-ay000
    (bsc#1051510).

  - input: xpad - quirk all PDP Xbox One gamepads
    (bsc#1051510).

  - integrity/security: fix digsig.c build error with header
    file (bsc#1051510).

  - intel_th: msu: Fix an off-by-one in attribute store
    (bsc#1051510).

  - iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).

  - iommu/vt-d: Handle domain agaw being less than iommu
    agaw (bsc#1106105).

  - iwlwifi: add new cards for 9560, 9462, 9461 and killer
    series (bsc#1051510).

  - iwlwifi: fix LED command capability bit (bsc#1119086).

  - iwlwifi: nvm: get num of hw addresses from firmware
    (bsc#1119086).

  - iwlwifi: pcie: do not reset TXQ write pointer
    (bsc#1051510).

  - jffs2: free jffs2_sb_info through jffs2_kill_sb()
    (bsc#1118767).

  - jump_label: Split out code under the hotplug lock
    (bsc#1106913).

  - kabi: hwpoison, memory_hotplug: allow hwpoisoned pages
    to be offlined (bnc#1116336).

  - kabi protect hnae_ae_ops (bsc#1104353).

  - kbuild: allow to use GCC toolchain not in Clang search
    path (git-fixes).

  - kbuild: fix linker feature test macros when cross
    compiling with Clang (git-fixes).

  - kbuild: make missing $DEPMOD a Warning instead of an
    Error (git-fixes).

  - kbuild: rpm-pkg: keep spec file until make mrproper
    (git-fixes).

  - kbuild: suppress packed-not-aligned warning for default
    setting only (git-fixes).

  - kbuild: verify that $DEPMOD is installed (git-fixes).

  - kernfs: Replace strncpy with memcpy (bsc#1120053).

  - keys: Fix the use of the C++ keyword 'private' in
    uapi/linux/keyctl.h (Git-fixes).

  - kobject: Replace strncpy with memcpy (git-fixes).

  - kprobes: Make list and blacklist root user read only
    (git-fixes).

  - kvm: PPC: Book3S PR: Enable use on POWER9 inside
    HPT-mode guests (bsc#1118484).

  - kvm: svm: Ensure an IBPB on all affected CPUs when
    freeing a vmcb (bsc#1114279).

  - libata: whitelist all SAMSUNG MZ7KM* solid-state disks
    (bsc#1051510).

  - libceph: fall back to sendmsg for slab pages
    (bsc#1118316).

  - libnvdimm, pfn: Pad pfn namespaces relative to other
    regions (bsc#1118962).

  - lib/raid6: Fix arm64 test build (bsc#1051510).

  - lib/ubsan.c: do not mark
    __ubsan_handle_builtin_unreachable as noreturn
    (bsc#1051510).

  - Limit max FW API version for QCA9377 (bsc#1121714,
    bsc#1121715).

  - linux/bitmap.h: fix type of nbits in
    bitmap_shift_right() (bsc#1051510).

  - locking/barriers: Convert users of
    lockless_dereference() to READ_ONCE() (Git-fixes).

  - locking/static_keys: Improve uninitialized key warning
    (bsc#1106913).

  - mac80211: Clear beacon_int in ieee80211_do_stop
    (bsc#1051510).

  - mac80211: fix reordering of buffered broadcast packets
    (bsc#1051510).

  - mac80211_hwsim: fix module init error paths for netlink
    (bsc#1051510).

  - mac80211_hwsim: Timer should be initialized before
    device registered (bsc#1051510).

  - mac80211: ignore NullFunc frames in the duplicate
    detection (bsc#1051510).

  - mac80211: ignore tx status for PS stations in
    ieee80211_tx_status_ext (bsc#1051510).

  - Mark HI and TASKLET softirq synchronous (git-fixes).

  - media: em28xx: Fix use-after-free when disconnecting
    (bsc#1051510).

  - media: em28xx: make v4l2-compliance happier by starting
    sequence on zero (bsc#1051510).

  - media: omap3isp: Unregister media device as first
    (bsc#1051510).

  - mmc: bcm2835: reset host on timeout (bsc#1051510).

  - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI
    support (bsc#1051510).

  - mmc: core: Reset HPI enabled state during re-init and in
    case of errors (bsc#1051510).

  - mmc: core: Use a minimum 1600ms timeout when enabling
    CACHE ctrl (bsc#1051510).

  - mmc: dw_mmc-bluefield: Add driver extension
    (bsc#1118752).

  - mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).

  - MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
    (bsc#1051510).

  - mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).

  - mmc: sdhci: fix the timeout check window for clock and
    reset (bsc#1051510).

  - mm: do not miss the last page because of round-off error
    (bnc#1118798).

  - mm: do not warn about large allocations for slab (git
    fixes (slab)).

  - mm/huge_memory.c: reorder operations in
    __split_huge_page_tail() (VM Functionality bsc#1119962).

  - mm: hugetlb: yield when prepping struct pages (git fixes
    (memory initialisation)).

  - mm: lower the printk loglevel for __dump_page messages
    (generic hotplug debugability).

  - mm, memory_hotplug: be more verbose for memory offline
    failures (generic hotplug debugability).

  - mm, memory_hotplug: drop pointless block alignment
    checks from __offline_pages (generic hotplug
    debugability).

  - mm, memory_hotplug: print reason for the offlining
    failure (generic hotplug debugability).

  - mm: migration: fix migration of huge PMD shared pages
    (bnc#1086423).

  - mm: only report isolation failures when offlining memory
    (generic hotplug debugability).

  - mm: print more information about mapping in __dump_page
    (generic hotplug debugability).

  - mm: put_and_wait_on_page_locked() while page is migrated
    (bnc#1109272).

  - mm: sections are not offlined during memory hotremove
    (bnc#1119968).

  - mm: shmem.c: Correctly annotate new inodes for lockdep
    (Git fixes: shmem).

  - mm/vmstat.c: fix NUMA statistics updates (git fixes).

  - Move dell_rbu fix to sorted section (bsc#1087978).

  - mtd: cfi: convert inline functions to macros
    (git-fixes).

  - mtd: Fix comparison in map_word_andequal() (git-fixes).

  - namei: allow restricted O_CREAT of FIFOs and regular
    files (bsc#1118766).

  - nbd: do not allow invalid blocksize settings
    (Git-fixes).

  - net: bgmac: Fix endian access in
    bgmac_dma_tx_ring_free() (bsc#1051510).

  - net: dsa: mv88e6xxx: Fix binding documentation for MDIO
    busses (git-fixes).

  - net: dsa: qca8k: Add QCA8334 binding documentation
    (git-fixes).

  - net: ena: fix crash during ena_remove() (bsc#1111696
    bsc#1117561).

  - net: ena: update driver version from 2.0.1 to 2.0.2
    (bsc#1111696 bsc#1117561).

  - net: hns3: Add nic state check before calling
    netif_tx_wake_queue (bsc#1104353).

  - net: hns3: Add support for
    hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).

  - net: hns3: bugfix for buffer not free problem during
    resetting (bsc#1104353).

  - net: hns3: bugfix for handling mailbox while the command
    queue reinitialized (bsc#1104353).

  - net: hns3: bugfix for hclge_mdio_write and
    hclge_mdio_read (bsc#1104353).

  - net: hns3: bugfix for is_valid_csq_clean_head()
    (bsc#1104353 ).

  - net: hns3: bugfix for reporting unknown vector0
    interrupt repeatly problem (bsc#1104353).

  - net: hns3: bugfix for rtnl_lock's range in the
    hclgevf_reset() (bsc#1104353).

  - net: hns3: bugfix for the initialization of command
    queue's spin lock (bsc#1104353).

  - net: hns3: Check hdev state when getting link status
    (bsc#1104353).

  - net: hns3: Clear client pointer when initialize client
    failed or unintialize finished (bsc#1104353).

  - net: hns3: Fix cmdq registers initialization issue for
    vf (bsc#1104353).

  - net: hns3: Fix error of checking used vlan id
    (bsc#1104353 ).

  - net: hns3: Fix ets validate issue (bsc#1104353).

  - net: hns3: Fix for netdev not up problem when setting
    mtu (bsc#1104353).

  - net: hns3: Fix for out-of-bounds access when setting pfc
    back pressure (bsc#1104353).

  - net: hns3: Fix for packet buffer setting bug
    (bsc#1104353 ).

  - net: hns3: Fix for rx vlan id handle to support Rev 0x21
    hardware (bsc#1104353).

  - net: hns3: Fix for setting speed for phy failed problem
    (bsc#1104353).

  - net: hns3: Fix for vf vlan delete failed problem
    (bsc#1104353 ).

  - net: hns3: Fix loss of coal configuration while doing
    reset (bsc#1104353).

  - net: hns3: Fix parameter type for q_id in
    hclge_tm_q_to_qs_map_cfg() (bsc#1104353).

  - net: hns3: Fix ping exited problem when doing lp
    selftest (bsc#1104353).

  - net: hns3: Preserve vlan 0 in hardware table
    (bsc#1104353 ).

  - net: hns3: remove unnecessary queue reset in the
    hns3_uninit_all_ring() (bsc#1104353).

  - net: hns3: Set STATE_DOWN bit of hdev state when
    stopping net (bsc#1104353).

  - net/mlx4_core: Correctly set PFC param if global pause
    is turned off (bsc#1046299).

  - net: usb: r8152: constify usb_device_id (bsc#1119749).

  - net: usb: r8152: use irqsave() in USB's complete
    callback (bsc#1119749).

  - nospec: Allow index argument to have const-qualified
    type (git-fixes)

  - nospec: Kill array_index_nospec_mask_check()
    (git-fixes).

  - nvme-fc: resolve io failures during connect
    (bsc#1116803).

  - nvme-multipath: zero out ANA log buffer (bsc#1105168).

  - nvme: validate controller state before rescheduling keep
    alive (bsc#1103257).

  - objtool: Detect RIP-relative switch table references
    (bsc#1058115).

  - objtool: Detect RIP-relative switch table references,
    part 2 (bsc#1058115).

  - objtool: Fix another switch table detection issue
    (bsc#1058115).

  - objtool: Fix double-free in .cold detection error path
    (bsc#1058115).

  - objtool: Fix GCC 8 cold subfunction detection for
    aliased functions (bsc#1058115).

  - objtool: Fix 'noreturn' detection for recursive sibling
    calls (bsc#1058115).

  - objtool: Fix segfault in .cold detection with
    -ffunction-sections (bsc#1058115).

  - objtool: Support GCC 8's cold subfunctions
    (bsc#1058115).

  - objtool: Support GCC 8 switch tables (bsc#1058115).

  - panic: avoid deadlocks in re-entrant console drivers
    (bsc#1088386).

  - PCI: Add ACS quirk for Ampere root ports (bsc#1120058).

  - PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).

  - PCI: Convert device-specific ACS quirks from NULL
    termination to ARRAY_SIZE (bsc#1120058).

  - PCI: Delay after FLR of Intel DC P3700 NVMe
    (bsc#1120058).

  - PCI: Disable Samsung SM961/PM961 NVMe before FLR
    (bsc#1120058).

  - PCI: Export pcie_has_flr() (bsc#1120058).

  - PCI: iproc: Activate PAXC bridge quirk for more devices
    (bsc#1120058).

  - PCI: Mark Ceton InfiniTV4 INTx masking as broken
    (bsc#1120058).

  - PCI: Mark fall-through switch cases before enabling
    -Wimplicit-fallthrough (bsc#1120058).

  - PCI: Mark Intel XXV710 NIC INTx masking as broken
    (bsc#1120058).

  - perf tools: Fix tracing_path_mount proper path
    (git-fixes).

  - platform-msi: Free descriptors in
    platform_msi_domain_free() (bsc#1051510).

  - powerpc/64s: consolidate MCE counter increment
    (bsc#1094244).

  - powerpc/64s/radix: Fix process table entry cache
    invalidation (bsc#1055186, git-fixes).

  - powerpc/boot: Expose Kconfig symbols to wrapper
    (bsc#1065729).

  - powerpc/boot: Fix build failures with -j 1
    (bsc#1065729).

  - powerpc/pkeys: Fix handling of pkey state across fork()
    (bsc#1078248, git-fixes).

  - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit
    from stop (idle) (bsc#1055121).

  - powerpc/pseries: Track LMB nid instead of using device
    tree (bsc#1108270).

  - powerpc/traps: restore recoverability of machine_check
    interrupts (bsc#1094244).

  - power: supply: olpc_battery: correct the temperature
    units (bsc#1051510).

  - ptrace: Remove unused ptrace_may_access_sched() and
    MODE_IBRS (bsc#1106913).

  - qed: Add driver support for 20G link speed
    (bsc#1110558).

  - qed: Add support for virtual link (bsc#1111795).

  - qede: Add driver support for 20G link speed
    (bsc#1110558).

  - r8152: add byte_enable for ocp_read_word function
    (bsc#1119749).

  - r8152: add Linksys USB3GIGV1 id (bsc#1119749).

  - r8152: add r8153_phy_status function (bsc#1119749).

  - r8152: adjust lpm settings for RTL8153 (bsc#1119749).

  - r8152: adjust rtl8153_runtime_enable function
    (bsc#1119749).

  - r8152: adjust the settings about MAC clock speed down
    for RTL8153 (bsc#1119749).

  - r8152: adjust U2P3 for RTL8153 (bsc#1119749).

  - r8152: avoid rx queue more than 1000 packets
    (bsc#1119749).

  - r8152: check if disabling ALDPS is finished
    (bsc#1119749).

  - r8152: correct the definition (bsc#1119749).

  - r8152: disable RX aggregation on Dell TB16 dock
    (bsc#1119749).

  - r8152: disable RX aggregation on new Dell TB16 dock
    (bsc#1119749).

  - r8152: fix wrong checksum status for received IPv4
    packets (bsc#1119749).

  - r8152: move calling delay_autosuspend function
    (bsc#1119749).

  - r8152: move the default coalesce setting for RTL8153
    (bsc#1119749).

  - r8152: move the initialization to reset_resume function
    (bsc#1119749).

  - r8152: move the setting of rx aggregation (bsc#1119749).

  - r8152: replace napi_complete with napi_complete_done
    (bsc#1119749).

  - r8152: set rx mode early when linking on (bsc#1119749).

  - r8152: split rtl8152_resume function (bsc#1119749).

  - r8152: support new chip 8050 (bsc#1119749).

  - r8152: support RTL8153B (bsc#1119749).

  - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
    (Git-fixes).

  - rcu: Allow for page faults in NMI handlers
    (bsc#1120092).

  - rdma/bnxt_re: Add missing spin lock initialization
    (bsc#1050244 ).

  - rdma/bnxt_re: Avoid accessing the device structure after
    it is freed (bsc#1050244).

  - rdma/bnxt_re: Avoid NULL check after accessing the
    pointer (bsc#1086283).

  - rdma/bnxt_re: Fix system hang when registration with L2
    driver fails (bsc#1086283).

  - rdma/hns: Bugfix pbl configuration for rereg mr
    (bsc#1104427 ).

  - rdma_rxe: make rxe work over 802.1q VLAN devices
    (bsc#1082387).

  - reset: remove remaining WARN_ON() in <linux/reset.h>
    (Git-fixes).

  - Revert commit ef9209b642f 'staging: rtl8723bs: Fix
    indenting errors and an off-by-one mistake in
    core/rtw_mlme_ext.c' (bsc#1051510).

  - Revert 'iommu/io-pgtable-arm: Check for v7s-incapable
    systems' (bsc#1106105).

  - Revert 'PCI/ASPM: Do not initialize link state when
    aspm_disabled is set' (bsc#1051510).

  - Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs'
    (bsc#1119322).

  - ring-buffer: Allow for rescheduling when removing pages
    (bsc#1120238).

  - ring-buffer: Do no reuse reader page if still in use
    (bsc#1120096).

  - ring-buffer: Mask out the info bits when returning
    buffer page length (bsc#1120094).

  - rtc: hctosys: Add missing range error reporting
    (bsc#1051510).

  - rtc: m41t80: Correct alarm month range with RTC reads
    (bsc#1051510).

  - rtc: pcf2127: fix a kmemleak caused in
    pcf2127_i2c_gather_write (bsc#1051510).

  - rtc: snvs: Add timeouts to avoid kernel lockups
    (bsc#1051510).

  - rtl8xxxu: Fix missing break in switch (bsc#1051510).

  - s390/dasd: simplify locking in dasd_times_out
    (bsc#1104967,).

  - s390/kdump: Fix elfcorehdr size calculation
    (bsc#1117953, LTC#171112).

  - s390/kdump: Make elfcorehdr size calculation ABI
    compliant (bsc#1117953, LTC#171112).

  - s390/qeth: fix length check in SNMP processing
    (bsc#1117953, LTC#173657).

  - s390/qeth: remove outdated portname debug msg
    (bsc#1117953, LTC#172960).

  - s390/qeth: sanitize strings in debug messages
    (bsc#1117953, LTC#172960).

  - sbitmap: fix race in wait batch accounting (Git-fixes).

  - sched/core: Fix cpu.max vs. cpuhotplug deadlock
    (bsc#1106913).

  - sched/fair: Fix infinite loop in
    update_blocked_averages() by reverting a9e7f6544b9c (Git
    fixes (scheduler)).

  - sched/smt: Expose sched_smt_present static key
    (bsc#1106913).

  - sched/smt: Make sched_smt_present track topology
    (bsc#1106913).

  - sched, tracing: Fix trace_sched_pi_setprio() for
    deboosting (bsc#1120228).

  - scripts/git-pre-commit: make executable.

  - scripts/git_sort/git_sort.py: change SCSI git repos to
    make series sorting more failsafe.

  - scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).

  - scsi: lpfc: Correct code setting non existent bits in
    sli4 ABORT WQE (bsc#1118215).

  - scsi: lpfc: Correct topology type reporting on G7
    adapters (bsc#1118215).

  - scsi: lpfc: Defer LS_ACC to FLOGI on point to point
    logins (bsc#1118215).

  - scsi: lpfc: Enable Management features for IF_TYPE=6
    (bsc#1119322).

  - scsi: lpfc: Fix a duplicate 0711 log message number
    (bsc#1118215).

  - scsi: lpfc: fix block guard enablement on SLI3 adapters
    (bsc#1079935).

  - scsi: lpfc: Fix dif and first burst use in write
    commands (bsc#1118215).

  - scsi: lpfc: Fix discovery failures during port failovers
    with lots of vports (bsc#1118215).

  - scsi: lpfc: Fix driver release of fw-logging buffers
    (bsc#1118215).

  - scsi: lpfc: Fix kernel Oops due to null pring pointers
    (bsc#1118215).

  - scsi: lpfc: Fix panic when FW-log buffsize is not
    initialized (bsc#1118215).

  - scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).

  - scsi: lpfc: refactor mailbox structure context fields
    (bsc#1118215).

  - scsi: lpfc: rport port swap discovery issue
    (bsc#1118215).

  - scsi: lpfc: update driver version to 12.0.0.9
    (bsc#1118215).

  - scsi: lpfc: update manufacturer attribute to reflect
    Broadcom (bsc#1118215).

  - scsi: target: add emulate_pr backstore attr to toggle PR
    support (bsc#1091405).

  - scsi: target: drop unused pi_prot_format attribute
    storage (bsc#1091405).

  - scsi: zfcp: fix posting too many status read buffers
    leading to adapter shutdown (bsc#1121483, LTC#174588).

  - skd: Avoid that module unloading triggers a
    use-after-free (Git-fixes).

  - skd: Submit requests to firmware before triggering the
    doorbell (Git-fixes).

  - soc: bcm2835: sync firmware properties with downstream
    ()

  - spi: bcm2835: Avoid finishing transfer prematurely in
    IRQ mode (bsc#1051510).

  - spi: bcm2835: Fix book-keeping of DMA termination
    (bsc#1051510).

  - spi: bcm2835: Fix race on DMA termination (bsc#1051510).

  - spi: bcm2835: Unbreak the build of esoteric configs
    (bsc#1051510).

  - splice: do not read more than available pipe space
    (bsc#1119212).

  - staging: bcm2835-camera: Abort probe if there is no
    camera (bsc#1051510).

  - staging: rtl8712: Fix possible buffer overrun
    (bsc#1051510).

  - staging: rtl8723bs: Add missing return for
    cfg80211_rtw_get_station (bsc#1051510).

  - staging: rts5208: fix gcc-8 logic error warning
    (bsc#1051510).

  - staging: wilc1000: fix missing read_write setting when
    reading data (bsc#1051510).

  - Stop building F2FS (boo#1109665) As per the information
    in the bugzilla issue f2fs is no longer supported on
    opensuse distributions.

  - supported.conf: add raspberrypi-ts driver

  - supported.conf: whitelist bluefield eMMC driver

  - target/iscsi: avoid NULL dereference in CHAP auth error
    path (bsc#1117165).

  - target: se_dev_attrib.emulate_pr ABI stability
    (bsc#1091405).

  - team: no need to do team_notify_peers or
    team_mcast_rejoin when disabling port (bsc#1051510).

  - termios, tty/tty_baudrate.c: fix buffer overrun
    (bsc#1051510).

  - test_hexdump: use memcpy instead of strncpy
    (bsc#1051510).

  - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with
    a negative offset (bsc#1051510).

  - tools: hv: fcopy: set 'error' in case an unknown
    operation was requested (git-fixes).

  - tools: hv: include string.h in hv_fcopy_daemon
    (git-fixes).

  - tools/power/cpupower: fix compilation with STATIC=true
    (git-fixes).

  - tools/power turbostat: fix possible sprintf buffer
    overflow (git-fixes).

  - tracing/blktrace: Fix to allow setting same value
    (Git-fixes).

  - tracing: Fix bad use of igrab in trace_uprobe.c
    (bsc#1120046).

  - tracing: Fix crash when freeing instances with event
    triggers (bsc#1120230).

  - tracing: Fix crash when it fails to alloc ring buffer
    (bsc#1120097).

  - tracing: Fix double free of event_trigger_data
    (bsc#1120234).

  - tracing: Fix missing return symbol in function_graph
    output (bsc#1120232).

  - tracing: Fix possible double free in
    event_enable_trigger_func() (bsc#1120235).

  - tracing: Fix possible double free on failure of
    allocating trace buffer (bsc#1120214).

  - tracing: Fix regex_match_front() to not over compare the
    test string (bsc#1120223).

  - tracing: Fix trace_pipe behavior for instance traces
    (bsc#1120088).

  - tracing: Remove RCU work arounds from stack tracer
    (bsc#1120092).

  - tracing/samples: Fix creation and deletion of
    simple_thread_fn creation (git-fixes).

  - tty: Do not return -EAGAIN in blocking read
    (bsc#1116040).

  - tty: do not set TTY_IO_ERROR flag if console port
    (bsc#1051510).

  - tty: serial: 8250_mtk: always resume the device in probe
    (bsc#1051510).

  - ubifs: Handle re-linking of inodes correctly while
    recovery (bsc#1120598).

  - udf: Allow mounting volumes with incorrect
    identification strings (bsc#1118774).

  - unifdef: use memcpy instead of strncpy (bsc#1051510).

  - usb: appledisplay: Add 27' Apple Cinema Display
    (bsc#1051510).

  - usb: core: quirks: add RESET_RESUME quirk for Cherry
    G230 Stream series (bsc#1051510).

  - usb: dwc2: host: use hrtimer for NAK retries
    (git-fixes).

  - usb: hso: Fix OOB memory access in
    hso_probe/hso_get_config_data (bsc#1051510).

  - usbip: vhci_hcd: check rhport before using in
    vhci_hub_control() (bsc#1090888).

  - usb: omap_udc: fix crashes on probe error and module
    removal (bsc#1051510).

  - usb: omap_udc: fix omap_udc_start() on 15xx machines
    (bsc#1051510).

  - usb: omap_udc: fix USB gadget functionality on Palm
    Tungsten E (bsc#1051510).

  - usb: omap_udc: use devm_request_irq() (bsc#1051510).

  - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair
    device (bsc#1051510).

  - usb: serial: option: add Fibocom NL668 series
    (bsc#1051510).

  - usb: serial: option: add GosunCn ZTE WeLink ME3630
    (bsc#1051510).

  - usb: serial: option: add HP lt4132 (bsc#1051510).

  - usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM
    mode) (bsc#1051510).

  - usb: serial: option: add Telit LN940 series
    (bsc#1051510).

  - usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in
    vhci_hub_control() (bsc#1106110).

  - usb: usb-storage: Add new IDs to ums-realtek
    (bsc#1051510).

  - usb: xhci: fix uninitialized completion when USB3 port
    got wrong status (bsc#1051510).

  - usb: xhci: Prevent bus suspend if a port connect change
    or polling state is detected (bsc#1051510).

  - userfaultfd: clear the vma->vm_userfaultfd_ctx if
    UFFD_EVENT_FORK fails (bsc#1118761).

  - userfaultfd: remove uffd flags from vma->vm_flags if
    UFFD_EVENT_FORK fails (bsc#1118809).

  - v9fs_dir_readdir: fix double-free on p9stat_read error
    (bsc#1118771).

  - watchdog/core: Add missing prototypes for weak functions
    (git-fixes).

  - wireless: airo: potential buffer overflow in sprintf()
    (bsc#1051510).

  - wlcore: Fix the return value in case of error in
    'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).

  - x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).

  - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
    (bsc#1106913).

  - x86/bugs: Switch the selection of mitigation from CPU
    vendor to CPU features (bsc#1106913).

  - x86/decoder: Fix and update the opcodes map
    (bsc#1058115).

  - x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).

  - x86/l1tf: Show actual SMT state (bsc#1106913).

  - x86/MCE/AMD: Fix the thresholding machinery
    initialization order (bsc#1114279).

  - x86/mm: Fix decoy address handling vs 32-bit builds
    (bsc#1120606).

  - x86/PCI: Add additional VMD device root ports to VMD AER
    quirk (bsc#1120058).

  - x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit
    windows (bsc#1120058).

  - x86/PCI: Apply VMD's AERSID fixup generically
    (bsc#1120058).

  - x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect
    (bsc#1120058).

  - x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models
    00-1f, 30-3f, 60-7f) (bsc#1120058).

  - x86/PCI: Enable AMD 64-bit window on resume
    (bsc#1120058).

  - x86/PCI: Fix infinite loop in search for 64bit BAR
    placement (bsc#1120058).

  - x86/PCI: Move and shrink AMD 64-bit window to avoid
    conflict (bsc#1120058).

  - x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).

  - x86/PCI: Only enable a 64bit BAR on single-socket AMD
    Family 15h (bsc#1120058).

  - x86/PCI: Use is_vmd() rather than relying on the domain
    number (bsc#1120058).

  - x86/process: Consolidate and simplify switch_to_xtra()
    code (bsc#1106913).

  - x86/pti: Document fix wrong index (git-fixes).

  - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler
    support (bsc#1106913).

  - x86/retpoline: Remove minimal retpoline support
    (bsc#1106913).

  - x86/speculataion: Mark command line parser data
    __initdata (bsc#1106913).

  - x86/speculation: Add command line control for indirect
    branch speculation (bsc#1106913).

  - x86/speculation: Add prctl() control for indirect branch
    speculation (bsc#1106913).

  - x86/speculation: Add seccomp Spectre v2 user space
    protection mode (bsc#1106913).

  - x86/speculation: Apply IBPB more strictly to avoid
    cross-process data leak (bsc#1106913).

  - x86/speculation: Avoid __switch_to_xtra() calls
    (bsc#1106913).

  - x86/speculation: Clean up spectre_v2_parse_cmdline()
    (bsc#1106913).

  - x86/speculation: Disable STIBP when enhanced IBRS is in
    use (bsc#1106913).

  - x86/speculation: Enable cross-hyperthread spectre v2
    STIBP mitigation (bsc#1106913).

  - x86/speculation: Enable prctl mode for spectre_v2_user
    (bsc#1106913).

  - x86/speculation/l1tf: Drop the swap storage limit
    restriction when l1tf=off (bnc#1114871).

  - x86/speculation: Mark string arrays const correctly
    (bsc#1106913).

  - x86/speculation: Move STIPB/IBPB string conditionals out
    of cpu_show_common() (bsc#1106913).

  - x86/speculation: Prepare arch_smt_update() for PRCTL
    mode (bsc#1106913).

  - x86/speculation: Prepare for conditional IBPB in
    switch_mm() (bsc#1106913).

  - x86/speculation: Prepare for per task indirect branch
    speculation control (bsc#1106913).

  - x86/speculation: Prevent stale SPEC_CTRL msr content
    (bsc#1106913).

  - x86/speculation: Propagate information about RSB filling
    mitigation to sysfs (bsc#1106913).

  - x86/speculation: Provide IBPB always command line
    options (bsc#1106913).

  - x86/speculation: Remove unnecessary ret variable in
    cpu_show_common() (bsc#1106913).

  - x86/speculation: Rename SSBD update functions
    (bsc#1106913).

  - x86/speculation: Reorder the spec_v2 code (bsc#1106913).

  - x86/speculation: Reorganize speculation control MSRs
    update (bsc#1106913).

  - x86/speculation: Rework SMT state change (bsc#1106913).

  - x86/speculation: Split out TIF update (bsc#1106913).

  - x86/speculation: Unify conditional spectre v2 print
    functions (bsc#1106913).

  - x86/speculation: Update the TIF_SSBD comment
    (bsc#1106913).

  - xen/netfront: tolerate frags with no data (bnc#1119804).

  - xen/x86: add diagnostic printout to xen_mc_flush() in
    case of error (bnc#1116183).

  - xfs: Align compat attrlist_by_handle with native
    implementation (git-fixes).

  - xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
    (git-fixes).

  - xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).

  - xhci: Add quirk to workaround the errata seen on Cavium
    Thunder-X2 Soc (bsc#1117162).

  - xhci: Do not prevent USB2 bus suspend in state check
    intended for USB3 only (bsc#1051510).

  - xhci: Prevent U1/U2 link pm states if exit latency is
    too long (bsc#1051510).

  - xfs: fix quotacheck dquot id overflow infinite loop
    (bsc#1121621)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024718"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046299"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086282"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086283"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086423"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087978"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088386"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097593"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102875"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102877"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102879"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104967"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105168"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106615"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108270"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109272"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109665"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110558"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111469"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111795"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116183"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117165"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117656"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117953"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118215"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118484"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118761"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118762"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118767"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118768"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118771"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118798"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118809"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118962"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119410"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119962"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119968"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120046"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120054"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120088"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120173"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120228"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120601"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120602"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120613"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120614"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120615"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120617"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120620"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120632"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120743"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121263"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121483"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121715"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9568");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.45.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.45.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4541.NASL
    descriptionDescription of changes: [4.14.35-1844.2.5.el7uek] - x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403] [4.14.35-1844.2.4.el7uek] - x86/platform/UV: Add check of TSC state set by UV BIOS (<A HREF=
    last seen2020-06-01
    modified2020-06-02
    plugin id122141
    published2019-02-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122141
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4541.
#

include("compat.inc");

if (description)
{
  script_id(122141);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17");

  script_cve_id("CVE-2018-13053", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18397", "CVE-2019-5489");
  script_xref(name:"IAVA", value:"2020-A-0325");

  script_name(english:"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

[4.14.35-1844.2.5.el7uek]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) 
[Orabug: 29262403]

[4.14.35-1844.2.4.el7uek]
- x86/platform/UV: Add check of TSC state set by UV BIOS 
(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Provide a means to 
disable TSC ART (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: 
Drastically reduce the number of firmware bug warnings 
(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Skip TSC test and 
error messages if already unstable (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 
29205471] - x86/tsc: Add option that TSC on Socket 0 being non-zero is 
valid (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - scsi: lpfc: Enable 
Management features for IF_TYPE=6 (James Smart) [Orabug: 29248376]

[4.14.35-1844.2.3.el7uek]
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) 
[Orabug: 28983233] - proc: restrict kernel stack dumps to root (Jann 
Horn) [Orabug: 29114876] {CVE-2018-17972}
- rds: congestion updates can be missed when kernel low on memory 
(Mukesh Kacker) [Orabug: 29200902] - x86/retpoline: Make 
CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 
29211613] - xen-netback: wake up xenvif_dealloc_kthread when it should 
stop (Dongli Zhang) [Orabug: 29237355] - xen/blkback: rework 
validate_io_op() (Dongli Zhang) [Orabug: 29237430] - xen/blkback: 
optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation 
(Dongli Zhang) [Orabug: 29237430] - xen/blkback: do not BUG() for 
invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29237430] - 
net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 
(Venkat Venkatsubra) [Orabug: 29248238] - kvm: x86: Add AMD's EX_CFG to 
the list of ignored MSRs (Eduardo Habkost) [Orabug: 29254549] - 
alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) 
[Orabug: 29269148] {CVE-2018-13053}

[4.14.35-1844.2.2.el7uek]
- genirq/affinity: Don't return with empty affinity masks on error 
(Thomas Gleixner) [Orabug: 29209330] - x86/apic/x2apic: set affinity of 
a single interrupt to one cpu (Jianchao Wang) [Orabug: 29201434] - 
uek-rpm: Update x86_64 config options (Victor Erminpour) [Orabug: 
29129556] - net: rds: fix excess initialization of the recv SGEs (Zhu 
Yanjun) [Orabug: 29004501] - nvme-pci: fix memory leak on probe failure 
(Keith Busch) [Orabug: 29214245] - nvme-pci: limit max IO size and 
segments to avoid high order allocations (Jens Axboe) [Orabug: 29214245] 
- arm64, dtrace: add non-virtual clocksources to fbt blacklist (Nick 
Alcock) [Orabug: 29220926] - net/rds: ib: Fix endless RNR Retries caused 
by memory allocation failures (Venkat Venkatsubra) [Orabug: 29222874] - 
x86/speculation: simplify IBRS firmware control (Alexandre Chartre) 
[Orabug: 29225114] - x86/speculation: use jump label instead of 
alternative to control IBRS firmware (Alexandre Chartre) [Orabug: 
29225114] - x86/speculation: fix and simplify IBPB control (Alexandre 
Chartre) [Orabug: 29225114] - x86/speculation: use jump label instead of 
alternative to control IBPB (Alexandre Chartre) [Orabug: 29225114] - 
x86/speculation: move ANNOTATE_* macros to a new header file (Alexandre 
Chartre) [Orabug: 29225114] - be2net: Update the driver version to 
12.0.0.0 (Suresh Reddy) [Orabug: 29228473] - be2net: Handle transmit 
completion errors in Lancer (Suresh Reddy) [Orabug: 29228473] - be2net: 
Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 29228473] - 
x86/platform/UV: Fix GAM MMR references in the UV x2apic code (Mike 
Travis) [Orabug: 29205471] - x86/platform/UV: Fix GAM MMR changes in 
UV4A (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Add references 
to access fixed UV4A HUB MMRs (Mike Travis) [Orabug: 29205471] - 
x86/platform/UV: Fix UV4A support on new Intel Processors (Mike Travis) 
[Orabug: 29205471] - x86/platform/UV: Update uv_mmrs.h to prepare for 
UV4A fixes (Mike Travis) [Orabug: 29205471]

[4.14.35-1844.2.1.el7uek]
- rds: Incorrect rds-info send and retransmission message output 
(Ka-Cheong Poon) [Orabug: 29024033] - mlx4_core: Disable P_Key Violation 
Traps (H&aring kon Bugge) [Orabug: 28861014] - rds: ib: Use a delay when 
reconnecting to the very same IP address (H&aring kon Bugge) [Orabug: 
29161391] - KVM: Fix UAF in nested posted interrupt processing (Cfir 
Cohen) [Orabug: 29172125] {CVE-2018-16882}
- x86/alternative: check int3 breakpoint physical addresses (Alexandre 
Chartre) [Orabug: 29178334] - Change mincore() to count 'mapped' pages 
rather than 'cached' pages (Linus Torvalds) [Orabug: 29187408] 
{CVE-2019-5489}
- net/rds: RDS connection does not reconnect after CQ access violation 
error (Venkat Venkatsubra) [Orabug: 29180514]

[4.14.35-1844.2.0.el7uek]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is 
registered (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas 
(Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- ocfs2: don't clear bh uptodate for block read (Junxiao Bi) [Orabug: 
29159655] - ocfs2: clear journal dirty flag after shutdown journal 
(Junxiao Bi) [Orabug: 29154599] - ocfs2: fix panic due to unrecovered 
local alloc (Junxiao Bi) [Orabug: 29154599]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-February/008486.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected unbreakable enterprise kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/13");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-13053", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18397", "CVE-2019-5489");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-4541");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "4.14";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.14.35-1844.2.5.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.14.35-1844.2.5.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.14.35-1844.2.5.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.14.35-1844.2.5.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.14.35-1844.2.5.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-tools-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-tools-4.14.35-1844.2.5.el7uek")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830) - A weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. (CVE-2016-3672) - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2016-7913) - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-0861) - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value. (CVE-2017-1000252) - Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407) - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space. (CVE-2017-1000410) - A race condition was found in the Linux kernel before version 4.11-rc1 in
    last seen2020-06-01
    modified2020-06-02
    plugin id127272
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127272
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)
    code
    #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0070. The text
# itself is copyright (C) ZTE, Inc.

include("compat.inc");

if (description)
{
  script_id(127272);
  script_version("1.2");
  script_cvs_date("Date: 2019/09/24 11:01:33");

  script_cve_id(
    "CVE-2015-8830",
    "CVE-2016-3672",
    "CVE-2016-7913",
    "CVE-2017-0861",
    "CVE-2017-9725",
    "CVE-2017-10661",
    "CVE-2017-12154",
    "CVE-2017-12190",
    "CVE-2017-13305",
    "CVE-2017-15129",
    "CVE-2017-15265",
    "CVE-2017-15274",
    "CVE-2017-17448",
    "CVE-2017-17449",
    "CVE-2017-17558",
    "CVE-2017-17805",
    "CVE-2017-18017",
    "CVE-2017-18203",
    "CVE-2017-18208",
    "CVE-2017-1000252",
    "CVE-2017-1000407",
    "CVE-2017-1000410",
    "CVE-2018-1120",
    "CVE-2018-1130",
    "CVE-2018-3646",
    "CVE-2018-5344",
    "CVE-2018-5750",
    "CVE-2018-5803",
    "CVE-2018-5848",
    "CVE-2018-7566",
    "CVE-2018-9568",
    "CVE-2018-17972",
    "CVE-2018-18397",
    "CVE-2018-18690",
    "CVE-2018-1000004",
    "CVE-2018-1000026"
  );
  script_bugtraq_id(102329);

  script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by
multiple vulnerabilities:

  - Integer overflow in the aio_setup_single_vector function
    in fs/aio.c in the Linux kernel 4.0 allows local users
    to cause a denial of service or possibly have
    unspecified other impact via a large AIO iovec. NOTE:
    this vulnerability exists because of a CVE-2012-6701
    regression. (CVE-2015-8830)

  - A weakness was found in the Linux ASLR implementation.
    Any user able to running 32-bit applications in a x86
    machine can disable ASLR by setting the RLIMIT_STACK
    resource to unlimited. (CVE-2016-3672)

  - The xc2028_set_config function in
    drivers/media/tuners/tuner-xc2028.c in the Linux kernel
    before 4.6 allows local users to gain privileges or
    cause a denial of service (use-after-free) via vectors
    involving omission of the firmware name from a certain
    data structure. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out, although we
    believe it is unlikely. (CVE-2016-7913)

  - Use-after-free vulnerability in the snd_pcm_info()
    function in the ALSA subsystem in the Linux kernel
    allows attackers to induce a kernel memory corruption
    and possibly crash or lock up a system. Due to the
    nature of the flaw, a privilege escalation cannot be
    fully ruled out, although we believe it is unlikely.
    (CVE-2017-0861)

  - A reachable assertion failure flaw was found in the
    Linux kernel built with KVM virtualisation(CONFIG_KVM)
    support with Virtual Function I/O feature (CONFIG_VFIO)
    enabled. This failure could occur if a malicious guest
    device sent a virtual interrupt (guest IRQ) with a
    larger (>1024) index value. (CVE-2017-1000252)

  - Linux kernel Virtualization Module (CONFIG_KVM) for the
    Intel processor family (CONFIG_KVM_INTEL) is vulnerable
    to a DoS issue. It could occur if a guest was to flood
    the I/O port 0x80 with write requests. A guest user
    could use this flaw to crash the host kernel resulting
    in DoS. (CVE-2017-1000407)

  - A flaw was found in the processing of incoming L2CAP
    bluetooth commands. Uninitialized stack variables can be
    sent to an attacker leaking data in kernel address
    space. (CVE-2017-1000410)

  - A race condition was found in the Linux kernel before
    version 4.11-rc1 in 'fs/timerfd.c' file which allows a
    local user to cause a kernel list corruption or use-
    after-free via simultaneous operations with a file
    descriptor which leverage improper 'might_cancel'
    queuing. An unprivileged local user could use this flaw
    to cause a denial of service of the system. Due to the
    nature of the flaw, privilege escalation cannot be fully
    ruled out, although we believe it is unlikely.
    (CVE-2017-10661)

  - Linux kernel built with the KVM visualization support
    (CONFIG_KVM), with nested visualization (nVMX) feature
    enabled (nested=1), is vulnerable to a crash due to
    disabled external interrupts. As L2 guest could access
    (r/w) hardware CR8 register of the host(L0). In a nested
    visualization setup, L2 guest user could use this flaw
    to potentially crash the host(L0) resulting in DoS.
    (CVE-2017-12154)

  - It was found that in the Linux kernel through v4.14-rc5,
    bio_map_user_iov() and bio_unmap_user() in 'block/bio.c'
    do unbalanced pages refcounting if IO vector has small
    consecutive buffers belonging to the same page.
    bio_add_pc_page() merges them into one, but the page
    reference is never dropped, causing a memory leak and
    possible system lockup due to out-of-memory condition.
    (CVE-2017-12190)

  - A flaw was found in the Linux kernel's implementation of
    valid_master_desc() in which a memory buffer would be
    compared to a userspace value with an incorrect size of
    comparison. By bruteforcing the comparison, an attacker
    could determine what was in memory after the description
    and possibly obtain sensitive information from kernel
    memory. (CVE-2017-13305)

  - A use-after-free vulnerability was found in a network
    namespaces code affecting the Linux kernel since
    v4.0-rc1 through v4.15-rc5. The function
    get_net_ns_by_id() does not check for the net::count
    value after it has found a peer network in netns_ids idr
    which could lead to double free and memory corruption.
    This vulnerability could allow an unprivileged local
    user to induce kernel memory corruption on the system,
    leading to a crash. Due to the nature of the flaw,
    privilege escalation cannot be fully ruled out, although
    it is thought to be unlikely. (CVE-2017-15129)

  - A use-after-free vulnerability was found when issuing an
    ioctl to a sound device. This could allow a user to
    exploit a race condition and create memory corruption or
    possibly privilege escalation. (CVE-2017-15265)

  - A flaw was found in the implementation of associative
    arrays where the add_key systemcall and KEYCTL_UPDATE
    operations allowed for a NULL payload with a nonzero
    length. When accessing the payload within this length
    parameters value, an unprivileged user could trivially
    cause a NULL pointer dereference (kernel oops).
    (CVE-2017-15274)

  - The net/netfilter/nfnetlink_cthelper.c function in the
    Linux kernel through 4.14.4 does not require the
    CAP_NET_ADMIN capability for new, get, and del
    operations. This allows local users to bypass intended
    access restrictions because the nfnl_cthelper_list data
    structure is shared across all net namespaces.
    (CVE-2017-17448)

  - The __netlink_deliver_tap_skb function in
    net/netlink/af_netlink.c in the Linux kernel, through
    4.14.4, does not restrict observations of Netlink
    messages to a single net namespace, when CONFIG_NLMON is
    enabled. This allows local users to obtain sensitive
    information by leveraging the CAP_NET_ADMIN capability
    to sniff an nlmon interface for all Netlink activity on
    the system. (CVE-2017-17449)

  - The usb_destroy_configuration() function, in
    'drivers/usb/core/config.c' in the USB core subsystem,
    in the Linux kernel through 4.14.5 does not consider the
    maximum number of configurations and interfaces before
    attempting to release resources. This allows local users
    to cause a denial of service, due to out-of-bounds write
    access, or possibly have unspecified other impact via a
    crafted USB device. Due to the nature of the flaw,
    privilege escalation cannot be fully ruled out, although
    we believe it is unlikely. (CVE-2017-17558)

  - The Salsa20 encryption algorithm in the Linux kernel,
    before 4.14.8, does not correctly handle zero-length
    inputs. This allows a local attacker the ability to use
    the AF_ALG-based skcipher interface to cause a denial of
    service (uninitialized-memory free and kernel crash) or
    have an unspecified other impact by executing a crafted
    sequence of system calls that use the blkcipher_walk
    API. Both the generic implementation
    (crypto/salsa20_generic.c) and x86 implementation
    (arch/x86/crypto/salsa20_glue.c) of Salsa20 are
    vulnerable. (CVE-2017-17805)

  - The tcpmss_mangle_packet function in
    net/netfilter/xt_TCPMSS.c in the Linux kernel before
    4.11, and 4.9.x before 4.9.36, allows remote attackers
    to cause a denial of service (use-after-free and memory
    corruption) or possibly have unspecified other impact by
    leveraging the presence of xt_TCPMSS in an iptables
    action. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out, although we
    believe it is unlikely. (CVE-2017-18017)

  - The Linux kernel, before version 4.14.3, is vulnerable
    to a denial of service in
    drivers/md/dm.c:dm_get_from_kobject() which can be
    caused by local users leveraging a race condition with
    __dm_destroy() during creation and removal of DM
    devices. Only privileged local users (with CAP_SYS_ADMIN
    capability) can directly perform the ioctl operations
    for dm device creation and removal and this would
    typically be outside the direct control of the
    unprivileged attacker. (CVE-2017-18203)

  - The madvise_willneed function in the Linux kernel allows
    local users to cause a denial of service (infinite loop)
    by triggering use of MADVISE_WILLNEED for a DAX mapping.
    (CVE-2017-18208)

  - A flaw was found where the kernel truncated the value
    used to indicate the size of a buffer which it would
    later become zero using an untruncated value. This can
    corrupt memory outside of the original allocation.
    (CVE-2017-9725)

  - In the Linux kernel versions 4.12, 3.10, 2.6, and
    possibly earlier, a race condition vulnerability exists
    in the sound system allowing for a potential deadlock
    and memory corruption due to use-after-free condition
    and thus denial of service. Due to the nature of the
    flaw, privilege escalation cannot be fully ruled out,
    although we believe it is unlikely. (CVE-2018-1000004)

  - Improper validation in the bnx2x network card driver of
    the Linux kernel version 4.15 can allow for denial of
    service (DoS) attacks via a packet with a gso_size
    larger than ~9700 bytes. Untrusted guest VMs can exploit
    this vulnerability in the host machine, causing a crash
    in the network card. (CVE-2018-1000026)

  - By mmap()ing a FUSE-backed file onto a process's memory
    containing command line arguments (or environment
    strings), an attacker can cause utilities from psutils
    or procps (such as ps, w) or any other program which
    makes a read() call to the /proc//cmdline (or
    /proc//environ) files to block indefinitely (denial
    of service) or for some controlled time (as a
    synchronization primitive for other attacks).
    (CVE-2018-1120)

  - A null pointer dereference in dccp_write_xmit() function
    in net/dccp/output.c in the Linux kernel allows a local
    user to cause a denial of service by a number of certain
    crafted system calls. (CVE-2018-1130)

  - An issue was discovered in the proc_pid_stack function
    in fs/proc/base.c in the Linux kernel. An attacker with
    a local account can trick the stack unwinder code to
    leak stack contents to userspace. The fix allows only
    root to inspect the kernel stack of an arbitrary task.
    (CVE-2018-17972)

  - A flaw was found in the Linux kernel with files on tmpfs
    and hugetlbfs. An attacker is able to bypass file
    permissions on filesystems mounted with tmpfs/hugetlbs
    to modify a file and possibly disrupt normal system
    behavior. At this time there is an understanding there
    is no crash or privilege escalation but the impact of
    modifications on these filesystems of files in
    production systems may have adverse affects.
    (CVE-2018-18397)

  - In the Linux kernel before 4.17, a local attacker able
    to set attributes on an xfs filesystem could make this
    filesystem non-operational until the next mount by
    triggering an unchecked error condition during an xfs
    attribute change, because xfs_attr_shortform_addname in
    fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE
    operations with conversion of an attr from short to long
    form. (CVE-2018-18690)

  - Modern operating systems implement virtualization of
    physical memory to efficiently use available system
    resources and provide inter-domain protection through
    access control and isolation. The L1TF issue was found
    in the way the x86 microprocessor designs have
    implemented speculative execution of instructions (a
    commonly used performance optimization) in combination
    with handling of page-faults caused by terminated
    virtual to physical address resolving process. As a
    result, an unprivileged attacker could use this flaw to
    read privileged memory of the kernel or other processes
    and/or cross guest/host boundaries to read host memory
    by conducting targeted cache side-channel attacks.
    (CVE-2018-3646)

  - A flaw was found in the Linux kernel's handling of
    loopback devices. An attacker, who has permissions to
    setup loopback disks, may create a denial of service or
    other unspecified actions. (CVE-2018-5344)

  - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c
    in the Linux kernel, through 4.14.15, allows local users
    to obtain sensitive address information by reading dmesg
    data from an SBS HC printk call. (CVE-2018-5750)

  - An error in the _sctp_make_chunk() function
    (net/sctp/sm_make_chunk.c) when handling SCTP, packet
    length can be exploited by a malicious local user to
    cause a kernel crash and a DoS. (CVE-2018-5803)

  - In the function wmi_set_ie() in the Linux kernel the
    length validation code does not handle unsigned integer
    overflow properly. As a result, a large value of the
    ie_len argument can cause a buffer overflow and thus a
    memory corruption leading to a system crash or other or
    unspecified impact. Due to the nature of the flaw,
    privilege escalation cannot be fully ruled out, although
    we believe it is unlikely. (CVE-2018-5848)

  - ALSA sequencer core initializes the event pool on demand
    by invoking snd_seq_pool_init() when the first write
    happens and the pool is empty. A user can reset the pool
    size manually via ioctl concurrently, and this may lead
    to UAF or out-of-bound access. (CVE-2018-7566)

  - A possible memory corruption due to a type confusion was
    found in the Linux kernel in the sk_clone_lock()
    function in the net/core/sock.c. The possibility of
    local escalation of privileges cannot be fully ruled out
    for a local unprivileged attacker. (CVE-2018-9568)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0070");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-18017");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL CORE 5.04" &&
    release !~ "CGSL MAIN 5.04")
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL CORE 5.04": [
    "kernel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-core-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "perf-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "python-perf-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite",
    "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.322.gc3912fd.lite"
  ],
  "CGSL MAIN 5.04": [
    "kernel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "perf-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "python-perf-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9",
    "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.12.319.g46331d9"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0163.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121547
    published2019-02-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121547
    titleCentOS 7 : kernel (CESA-2019:0163)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2019:0163 and 
# CentOS Errata and Security Advisory 2019:0163 respectively.
#

include("compat.inc");

if (description)
{
  script_id(121547);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2018-18397", "CVE-2018-18559");
  script_xref(name:"RHSA", value:"2019:0163");

  script_name(english:"CentOS 7 : kernel (CESA-2019:0163)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* kernel: Use-after-free due to race condition in AF_PACKET
implementation (CVE-2018-18559)

* kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)

For more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es) :

These updated kernel packages include also numerous bug fixes and
enhancements. Space precludes documenting all of the bug fixes in this
advisory. See the descriptions in the related Knowledge Article:
https://access.redhat.com/ articles/3827321"
  );
  # https://lists.centos.org/pipermail/centos-announce/2019-February/023149.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?05b5afeb"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18559");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-957.5.1.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0224-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. This update brings following features : Support for Enhanced-IBRS on new Intel CPUs (fate#326564) The following security bugs were fixed: CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat
    last seen2020-03-18
    modified2019-02-04
    plugin id121571
    published2019-02-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121571
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:0224-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(121571);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2013-2547", "CVE-2018-10940", "CVE-2018-12232", "CVE-2018-14625", "CVE-2018-16658", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18397", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9568");
  script_bugtraq_id(58382);

  script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 15 kernel was updated to receive various
security and bugfixes.

This update brings following features :

Support for Enhanced-IBRS on new Intel CPUs (fate#326564)

The following security bugs were fixed: CVE-2018-9568: In
sk_clone_lock of sock.c, there is a possible memory corruption due to
type confusion. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not
needed for exploitation. (bnc#1118319).

CVE-2018-12232: In net/socket.c there is a race condition between
fchownat and close in cases where they target the same socket file
descriptor, related to the sock_close and sockfs_setattr functions.
fchownat did not increment the file descriptor reference count, which
allowed close to set the socket to NULL during fchownat's execution,
leading to a NULL pointer dereference and system crash (bnc#1097593).

CVE-2018-14625: A flaw was found where an attacker may be able to have
an uncontrolled read to kernel-memory from within a vm guest. A race
condition between connect() and close() function may allow an attacker
using the AF_VSOCK protocol to gather a 4 byte information leak or
possibly intercept or corrupt AF_VSOCK messages destined to other
clients (bnc#1106615).

CVE-2018-16862: A security flaw was found in the way that the
cleancache subsystem clears an inode after the final file truncation
(removal). The new file created with the same inode may contain
leftover pages from cleancache and the old file data instead of the
new one (bnc#1117186).

CVE-2018-16884: NFS41+ shares mounted in different network namespaces
at the same time can make bc_svc_process() use wrong back-channel IDs
and cause a use-after-free vulnerability. Thus a malicious container
user can cause a host kernel memory corruption and a system panic. Due
to the nature of the flaw, privilege escalation cannot be fully ruled
out (bnc#1119946).

CVE-2018-18281: The mremap() syscall performs TLB flushes after
dropping pagetable locks. If a syscall such as ftruncate() removes
entries from the pagetables of a task that is in the middle of
mremap(), a stale TLB entry can remain for a short time that permits
access to a physical page after it has been released back to the page
allocator and reused. (bnc#1113769).

CVE-2018-18397: The userfaultfd implementation mishandled access
control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
local users to write data into holes in a tmpfs file (if the user has
read-only access to that file, and that file contains holes), related
to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).

CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and CVE-2018-16658
(bnc#1113751).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
allowed local users to cause a denial of service (NULL pointer
dereference and BUG) via crafted system calls that reach a situation
where ioapic is uninitialized (bnc#1116841).

CVE-2018-19824: A local user could exploit a use-after-free in the
ALSA driver by supplying a malicious USB Sound device (with zero
interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c
(bnc#1118152).

CVE-2018-19854: An issue was discovered in the crypto_report_one() and
related functions in crypto/crypto_user.c (the crypto user
configuration API) do not fully initialize structures that are copied
to userspace, potentially leaking sensitive memory to user programs.
NOTE: this is a CVE-2013-2547 regression but with easier
exploitability because the attacker did not need a capability
(however, the system must have the CONFIG_CRYPTO_USER kconfig option)
(bnc#1118428).

CVE-2018-19985: The function hso_probe read if_num from the USB device
(as an u8) and used it without a length check to index an array,
resulting in an OOB memory read in hso_probe or hso_get_config_data
that could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the
reading of an extra descriptor, related to __usb_get_extra_descriptor
in drivers/usb/core/usb.c (bnc#1119714).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1024718"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1046299"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1058115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1060463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1061840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1078248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1079935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082653"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086196"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086282"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086283"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086423"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087978"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1088386"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1089350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091800"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097593"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097755"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102875"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102877"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102879"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1102896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103925"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104124"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104824"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104967"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105168"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1105428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106237"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106240"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106615"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106913"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107256"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107385"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1107866"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108270"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108468"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1109272"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1109772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1109806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110558"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110998"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111183"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111469"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111795"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111809"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111921"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112963"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113408"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113501"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114385"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114578"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114581"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114583"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114585"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115431"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115433"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115440"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115567"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116183"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116336"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116698"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116700"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116862"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116863"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116876"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116877"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116895"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117165"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117168"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117174"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117181"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117184"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117349"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117656"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117788"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117789"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117790"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117791"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117794"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117795"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117796"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117798"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117799"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117801"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117802"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117805"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117807"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117816"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117817"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117818"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117819"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117820"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117821"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117953"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118136"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118137"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118215"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118484"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118505"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118761"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118762"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118767"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118768"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118771"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118798"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118809"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118962"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119322"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119410"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119962"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119968"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120046"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120054"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120088"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120173"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120228"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120230"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120601"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120602"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120606"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120613"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120614"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120615"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120617"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120620"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120632"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120633"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120743"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120954"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121017"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121263"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121483"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121599"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1121973"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12232/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14625/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16862/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-18281/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-18397/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-18710/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-19407/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-19824/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-19854/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-19985/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-20169/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-9568/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20190224-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?967f2743"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch
SUSE-SLE-Product-WE-15-2019-224=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2019-224=1

SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch
SUSE-SLE-Module-Live-Patching-15-2019-224=1

SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
SUSE-SLE-Module-Legacy-15-2019-224=1

SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
patch SUSE-SLE-Module-Development-Tools-15-2019-224=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-224=1

SUSE Linux Enterprise High Availability 15:zypper in -t patch
SUSE-SLE-Product-HA-15-2019-224=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9568");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-25.28.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-25.28.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190129_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) - kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) Bug Fix(es) : See the descriptions in the related Knowledge Article :
    last seen2020-03-18
    modified2019-01-30
    plugin id121456
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121456
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190129)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(121456);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2018-18397", "CVE-2018-18559");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190129)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - kernel: Use-after-free due to race condition in
    AF_PACKET implementation (CVE-2018-18559)

  - kernel: userfaultfd bypasses tmpfs file permissions
    (CVE-2018-18397)

Bug Fix(es) :

See the descriptions in the related Knowledge Article :"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1901&L=SCIENTIFIC-LINUX-ERRATA&P=9416
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?39692c42"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-957.5.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-957.5.1.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3901-1.NASL
    descriptionJann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122646
    published2019-03-06
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122646
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2 vulnerabilities (USN-3901-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0163.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121449
    published2019-01-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121449
    titleRHEL 7 : kernel (RHSA-2019:0163)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0196-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319). CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat
    last seen2020-03-18
    modified2019-01-30
    plugin id121466
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121466
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3901-2.NASL
    descriptionUSN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-19854) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122647
    published2019-03-06
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122647
    titleUbuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities (USN-3901-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0163.NASL
    descriptionFrom Red Hat Security Advisory 2019:0163 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121496
    published2019-01-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121496
    titleOracle Linux 7 : kernel (ELSA-2019-0163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4528.NASL
    descriptionDescription of changes: [4.1.12-124.24.5.el7uek] - rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 28425811] - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 28127993] - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004503] - xhci: fix usb2 resume timing and races. (Mathias Nyman) [Orabug: 29028940] - xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman) [Orabug: 29028940] - userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163750] {CVE-2018-18397} - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750] {CVE-2018-18397} - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29196396] - xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29199843] - xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29199843] - xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29199843] - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29201779] - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29217927] - Revert
    last seen2020-03-18
    modified2019-02-04
    plugin id121566
    published2019-02-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121566
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0324.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * The timeout handling in the libfc.ko kernel module did not work correctly. This was happening during certain steps of the Fibre Channel login procedure, when the timeout handling was not synchronized with the state of a partially offloaded Fibre Channel over Ethernet (FCoE) in the lower-level driver. Consequently, the offloaded FCoE state was incorrect, which led to I/O timeout errors until the SCSI error recovery issued a host reset. This update fixes the bug by improving the libfc.ko error handling during the fabric login. As a result, the fabric login errors are addressed in time, without the I/O timeouts in the described scenario. (BZ#1655042) * Symmetric Multi-Processing (SMP) or Non-Uniform Memory Access (NUMA) systems in some cases experienced deadlocks during a task migration and task wakeup operations. Consequently, the systems terminated unexpectedly with the following message : NMI watchdog: Watchdog detected hard LOCKUP on This update fixes the bug by queueing the stopper thread to run after locks are released. As a result, the deadlocks and the system crashes no longer occur in the described scenario. (BZ#1667326) Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
    last seen2020-06-01
    modified2020-06-02
    plugin id122142
    published2019-02-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122142
    titleRHEL 7 : kernel (RHSA-2019:0324)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1531.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.(CVE-2013-4343i1/4%0 - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042i1/4%0 - A flaw was found in the Linux kernel that fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. This allows local users to cause a denial of service by modifying a certain e_cpos field.(CVE-2017-18224i1/4%0 - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075i1/4%0 - In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412i1/4%0 - A race condition flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124984
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124984
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0002.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 28425811] - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 28127993] - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004503] - xhci: fix usb2 resume timing and races. (Mathias Nyman) [Orabug: 29028940] - xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman) [Orabug: 29028940] - userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163750] (CVE-2018-18397) - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750] (CVE-2018-18397) - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29196396] - xen/blkback: rework validate_io_op (Dongli Zhang) [Orabug: 29199843] - xen/blkback: optimize validate_io_op to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29199843] - xen/blkback: do not BUG for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29199843] - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29201779] - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29217927] - Revert
    last seen2020-03-18
    modified2019-02-06
    plugin id121605
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121605
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0222-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841). CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946). CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714). CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319). CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186). CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615). CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743). CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat
    last seen2020-03-18
    modified2019-02-04
    plugin id121569
    published2019-02-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121569
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0202.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * When applying two instances of the kprobe debugging mechanism to the same function, one of the kprobes in some cases failed, depending on the kernel address space layout. Consequently, a kprobe registration error occurred. This update fixes the bug in the kprobes registration code to properly detect and handle ftrace-based kprobes. As a result, both kprobes now apply successfully in the described scenario. (BZ#1647815) * Under heavy mad packet load, the SELinux checks in the mad packet queries for InfiniBand (IB) fabrics significantly increased the mad packet execution time. Consequently, if a single machine was executing a large perfquery to the IB switches of a High Performance (HPC) fabric, mad_rpc timeouts occurred, and the query failed even with SELinux disabled. This update eliminates the SELinux checks when SELinux is disabled. As a result, the mad packet queries through perfquery now have their original run times when SELinux is disabled. (BZ#1648810) * Previously, a file-system shutdown process caused by an I/O error could race against a running fstrim process to acquire a xfs buffer lock. Consequently, the file-system shutdown process never completed due to a deadlock and the file-system became unresponsive, unable to be unmounted. This update fixes the lock ordering so that the deadlock no longer occurs and the file-system shutdown process now completes in the described scenario. (BZ#1657142)
    last seen2020-06-01
    modified2020-06-02
    plugin id121453
    published2019-01-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121453
    titleRHEL 7 : kernel (RHSA-2019:0202)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1076.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial of service.(CVE-2018-14641) - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.(CVE-2018-5391) - The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. (CVE-2018-7740) - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-03-08
    plugin id122699
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122699
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3903-1.NASL
    descriptionJason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service (host system crash) or possibly execute arbitrary code in the host kernel. (CVE-2018-16880) Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. (CVE-2018-18397) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122668
    published2019-03-07
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122668
    titleUbuntu 18.10 : linux, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3903-1)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-006.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A flaw was found in the implementation of userfaultfd. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behaviour. At this time there is an understanding there is no crash or priviledge escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133451
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133451
    titleVirtuozzo 7 : readykernel-patch (VZA-2019-006)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830) - A weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited. (CVE-2016-3672) - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2016-7913) - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-0861) - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value. (CVE-2017-1000252) - Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407) - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space. (CVE-2017-1000410) - A race condition was found in the Linux kernel before version 4.11-rc1 in
    last seen2020-06-01
    modified2020-06-02
    plugin id127281
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127281
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150748/GS20181212044456.txt
idPACKETSTORM:150748
last seen2018-12-12
published2018-12-12
reporterJann Horn
sourcehttps://packetstormsecurity.com/files/150748/Linux-userfaultfd-tmpfs-File-Permission-Bypass.html
titleLinux userfaultfd tmpfs File Permission Bypass

Redhat

advisories
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2019:0163
  • rhsa
    idRHSA-2019:0202
  • rhsa
    idRHSA-2019:0324
  • rhsa
    idRHSA-2019:0831
rpms
  • bpftool-0:3.10.0-957.5.1.el7
  • kernel-0:3.10.0-957.5.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.5.1.el7
  • kernel-bootwrapper-0:3.10.0-957.5.1.el7
  • kernel-debug-0:3.10.0-957.5.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-debug-devel-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.5.1.el7
  • kernel-devel-0:3.10.0-957.5.1.el7
  • kernel-doc-0:3.10.0-957.5.1.el7
  • kernel-headers-0:3.10.0-957.5.1.el7
  • kernel-kdump-0:3.10.0-957.5.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-kdump-devel-0:3.10.0-957.5.1.el7
  • kernel-tools-0:3.10.0-957.5.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-tools-libs-0:3.10.0-957.5.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.5.1.el7
  • perf-0:3.10.0-957.5.1.el7
  • perf-debuginfo-0:3.10.0-957.5.1.el7
  • python-perf-0:3.10.0-957.5.1.el7
  • python-perf-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-0:3.10.0-862.27.1.el7
  • kernel-abi-whitelists-0:3.10.0-862.27.1.el7
  • kernel-bootwrapper-0:3.10.0-862.27.1.el7
  • kernel-debug-0:3.10.0-862.27.1.el7
  • kernel-debug-debuginfo-0:3.10.0-862.27.1.el7
  • kernel-debug-devel-0:3.10.0-862.27.1.el7
  • kernel-debuginfo-0:3.10.0-862.27.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.27.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.27.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.27.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.27.1.el7
  • kernel-devel-0:3.10.0-862.27.1.el7
  • kernel-doc-0:3.10.0-862.27.1.el7
  • kernel-headers-0:3.10.0-862.27.1.el7
  • kernel-kdump-0:3.10.0-862.27.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.27.1.el7
  • kernel-kdump-devel-0:3.10.0-862.27.1.el7
  • kernel-tools-0:3.10.0-862.27.1.el7
  • kernel-tools-debuginfo-0:3.10.0-862.27.1.el7
  • kernel-tools-libs-0:3.10.0-862.27.1.el7
  • kernel-tools-libs-devel-0:3.10.0-862.27.1.el7
  • perf-0:3.10.0-862.27.1.el7
  • perf-debuginfo-0:3.10.0-862.27.1.el7
  • python-perf-0:3.10.0-862.27.1.el7
  • python-perf-debuginfo-0:3.10.0-862.27.1.el7
  • kernel-0:3.10.0-693.44.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.44.1.el7
  • kernel-bootwrapper-0:3.10.0-693.44.1.el7
  • kernel-debug-0:3.10.0-693.44.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.44.1.el7
  • kernel-debug-devel-0:3.10.0-693.44.1.el7
  • kernel-debuginfo-0:3.10.0-693.44.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.44.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.44.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.44.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.44.1.el7
  • kernel-devel-0:3.10.0-693.44.1.el7
  • kernel-doc-0:3.10.0-693.44.1.el7
  • kernel-headers-0:3.10.0-693.44.1.el7
  • kernel-kdump-0:3.10.0-693.44.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.44.1.el7
  • kernel-kdump-devel-0:3.10.0-693.44.1.el7
  • kernel-tools-0:3.10.0-693.44.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.44.1.el7
  • kernel-tools-libs-0:3.10.0-693.44.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.44.1.el7
  • perf-0:3.10.0-693.44.1.el7
  • perf-debuginfo-0:3.10.0-693.44.1.el7
  • python-perf-0:3.10.0-693.44.1.el7
  • python-perf-debuginfo-0:3.10.0-693.44.1.el7
  • kernel-0:4.14.0-115.7.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.7.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.7.1.el7a
  • kernel-debug-0:4.14.0-115.7.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.7.1.el7a
  • kernel-debug-devel-0:4.14.0-115.7.1.el7a
  • kernel-debuginfo-0:4.14.0-115.7.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.7.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.7.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.7.1.el7a
  • kernel-devel-0:4.14.0-115.7.1.el7a
  • kernel-doc-0:4.14.0-115.7.1.el7a
  • kernel-headers-0:4.14.0-115.7.1.el7a
  • kernel-kdump-0:4.14.0-115.7.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.7.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.7.1.el7a
  • kernel-tools-0:4.14.0-115.7.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.7.1.el7a
  • kernel-tools-libs-0:4.14.0-115.7.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.7.1.el7a
  • perf-0:4.14.0-115.7.1.el7a
  • perf-debuginfo-0:4.14.0-115.7.1.el7a
  • python-perf-0:4.14.0-115.7.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.7.1.el7a

References