Vulnerabilities > CVE-2018-18445 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
redhat
CWE-125
nessus

Summary

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

Vulnerable Configurations

Part Description Count
OS
Linux
170
OS
Canonical
4
OS
Redhat
7

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3835-1.NASL
    descriptionJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Daniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel. (CVE-2018-18653) Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119338
    published2018-12-04
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119338
    titleUbuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3835-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119338);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18445", "CVE-2018-18653", "CVE-2018-18955", "CVE-2018-6559");
      script_xref(name:"USN", value:"3835-1");
    
      script_name(english:"Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jann Horn discovered that the procfs file system implementation in the
    Linux kernel did not properly restrict the ability to inspect the
    kernel stack of an arbitrary task. A local attacker could use this to
    expose sensitive information. (CVE-2018-17972)
    
    Jann Horn discovered that the mremap() system call in the Linux kernel
    did not properly flush the TLB when completing, potentially leaving
    access to a physical page after it has been released to the page
    allocator. A local attacker could use this to cause a denial of
    service (system crash), expose sensitive information, or possibly
    execute arbitrary code. (CVE-2018-18281)
    
    It was discovered that the BPF verifier in the Linux kernel did not
    correctly compute numeric bounds in some situations. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2018-18445)
    
    Daniel Dadap discovered that the module loading implementation in the
    Linux kernel did not properly enforce signed module loading when
    booted with UEFI Secure Boot in some situations. A local privileged
    attacker could use this to execute untrusted code in the kernel.
    (CVE-2018-18653)
    
    Jann Horn discovered that the Linux kernel mishandles mapping UID or
    GID ranges inside nested user namespaces in some situations. A local
    attacker could use this to bypass access controls on resources outside
    the namespace. (CVE-2018-18955)
    
    Philipp Wendler discovered that the overlayfs implementation in the
    Linux kernel did not properly verify the directory contents
    permissions from within a unprivileged user namespace. A local
    attacker could use this to expose sensitive information (protected
    file names). (CVE-2018-6559).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3835-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Nested User Namespace idmap Limit Local Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-17972", "CVE-2018-18281", "CVE-2018-18445", "CVE-2018-18653", "CVE-2018-18955", "CVE-2018-6559");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3835-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-1004-gcp", pkgver:"4.18.0-1004.5")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-1005-kvm", pkgver:"4.18.0-1005.5")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-1007-raspi2", pkgver:"4.18.0-1007.9")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-12-generic", pkgver:"4.18.0-12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-12-generic-lpae", pkgver:"4.18.0-12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-12-lowlatency", pkgver:"4.18.0-12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-4.18.0-12-snapdragon", pkgver:"4.18.0-12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-gcp", pkgver:"4.18.0.1004.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-generic", pkgver:"4.18.0.12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-generic-lpae", pkgver:"4.18.0.12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-gke", pkgver:"4.18.0.1004.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-kvm", pkgver:"4.18.0.1005.5")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-lowlatency", pkgver:"4.18.0.12.13")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-raspi2", pkgver:"4.18.0.1007.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"linux-image-snapdragon", pkgver:"4.18.0.12.13")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.18-gcp / linux-image-4.18-generic / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3847-3.NASL
    descriptionUSN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-27
    modified2018-12-21
    plugin id119829
    published2018-12-21
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119829
    titleUbuntu 14.04 LTS : linux-azure vulnerabilities (USN-3847-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3847-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119829);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/26");
    
      script_cve_id("CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710");
      script_xref(name:"USN", value:"3847-3");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-azure vulnerabilities (USN-3847-3)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
    LTS. This update provides the corresponding updates for the Linux
    kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.
    
    It was discovered that a race condition existed in the raw MIDI driver
    for the Linux kernel, leading to a double free vulnerability. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2018-10902)
    
    It was discovered that an integer overrun vulnerability existed in the
    POSIX timers implementation in the Linux kernel. A local attacker
    could use this to cause a denial of service. (CVE-2018-12896)
    
    Noam Rathaus discovered that a use-after-free vulnerability existed in
    the Infiniband implementation in the Linux kernel. An attacker could
    use this to cause a denial of service (system crash). (CVE-2018-14734)
    
    It was discovered that the YUREX USB device driver for the Linux
    kernel did not properly restrict user space reads or writes. A
    physically proximate attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2018-16276)
    
    It was discovered that the BPF verifier in the Linux kernel did not
    correctly compute numeric bounds in some situations. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2018-18445)
    
    Kanda Motohiro discovered that writing extended attributes to an XFS
    file system in the Linux kernel in certain situations could cause an
    error condition to occur. A local attacker could use this to cause a
    denial of service. (CVE-2018-18690)
    
    It was discovered that an integer overflow vulnerability existed in
    the CDROM driver of the Linux kernel. A local attacker could use this
    to expose sensitive information (kernel memory). (CVE-2018-18710).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3847-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.15-azure and / or linux-image-azure
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3847-3");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.15.0-1036-azure", pkgver:"4.15.0-1036.38~14.04.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-azure", pkgver:"4.15.0.1036.23")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-azure / linux-image-azure");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0512.NASL
    descriptionFrom Red Hat Security Advisory 2019:0512 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numberic bounds in the BPF verifier (CVE-2018-18445) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) and Enhancement(s) : * kernel fuse invalidates cached attributes during reads (BZ#1657921) * [NetApp-FC-NVMe] RHEL7.6: nvme reset gets hung indefinitely (BZ#1659937) * Memory reclaim deadlock calling __sock_create() after memalloc_noio_save() (BZ#1660392) * hardened usercopy is causing crash (BZ#1660815) * Backport: xfrm: policy: init locks early (BZ#1660887) * AWS m5 instance type loses NVMe mounted volumes [was: Unable to Mount StatefulSet PV in AWS EBS] (BZ#1661947) * RHEL 7.6 running on a VirtualBox guest with a GUI has a mouse problem (BZ# 1662848) * Kernel bug report in cgroups on heavily contested 3.10 node (BZ#1663114) * [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports (BZ#1663241) * [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1663508) * Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no longer initialize (BZ#1664067) * [csiostor] call trace after command: modprobe csiostor (BZ#1665370) * libceph: fall back to sendmsg for slab pages (BZ#1665814) * Deadlock between stop_one_cpu_nowait() and stop_two_cpus() (BZ#1667328) * Soft lockups occur when the sd driver passes a device size of 1 sector to string_get_size() (BZ#1667989) * [RHEL7.7] BUG: unable to handle kernel paging request at ffffffffffffffff (BZ#1668208) * RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/ rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ# 1669044) * blk-mq: fix corruption with direct issue (BZ#1670511) * [RHEL7][patch] iscsi driver can block reboot/shutdown (BZ#1670680) * [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N (BZ# 1671743) * efi_bgrt_init fails to ioremap error during boot (BZ#1671745) * Unable to mount a share on kernel- 3.10.0-957.el7. The share can be mounted on kernel-3.10.0-862.14.4.el7 (BZ#1672448) * System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to handle kernel NULL pointer dereference (BZ#1672510) Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id122864
    published2019-03-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122864
    titleOracle Linux 7 : kernel (ELSA-2019-0512)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:0512 and 
    # Oracle Linux Security Advisory ELSA-2019-0512 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122864);
      script_version("1.7");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id("CVE-2018-17972", "CVE-2018-18445", "CVE-2018-9568");
      script_xref(name:"RHSA", value:"2019:0512");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2019-0512)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:0512 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * kernel: Memory corruption due to incorrect socket cloning
    (CVE-2018-9568)
    
    * kernel: Unprivileged users able to inspect kernel stacks of
    arbitrary tasks (CVE-2018-17972)
    
    * kernel: Faulty computation of numberic bounds in the BPF verifier
    (CVE-2018-18445)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) and Enhancement(s) :
    
    * kernel fuse invalidates cached attributes during reads (BZ#1657921)
    
    * [NetApp-FC-NVMe] RHEL7.6: nvme reset gets hung indefinitely
    (BZ#1659937)
    
    * Memory reclaim deadlock calling __sock_create() after
    memalloc_noio_save() (BZ#1660392)
    
    * hardened usercopy is causing crash (BZ#1660815)
    
    * Backport: xfrm: policy: init locks early (BZ#1660887)
    
    * AWS m5 instance type loses NVMe mounted volumes [was: Unable to
    Mount StatefulSet PV in AWS EBS] (BZ#1661947)
    
    * RHEL 7.6 running on a VirtualBox guest with a GUI has a mouse
    problem (BZ# 1662848)
    
    * Kernel bug report in cgroups on heavily contested 3.10 node
    (BZ#1663114)
    
    * [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports (BZ#1663241)
    
    * [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1663508)
    
    * Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no
    longer initialize (BZ#1664067)
    
    * [csiostor] call trace after command: modprobe csiostor (BZ#1665370)
    
    * libceph: fall back to sendmsg for slab pages (BZ#1665814)
    
    * Deadlock between stop_one_cpu_nowait() and stop_two_cpus()
    (BZ#1667328)
    
    * Soft lockups occur when the sd driver passes a device size of 1
    sector to string_get_size() (BZ#1667989)
    
    * [RHEL7.7] BUG: unable to handle kernel paging request at
    ffffffffffffffff (BZ#1668208)
    
    * RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations /
    powerpc/ rtas: Fix a potential race between CPU-Offline & Migration
    (LPM) (BZ# 1669044)
    
    * blk-mq: fix corruption with direct issue (BZ#1670511)
    
    * [RHEL7][patch] iscsi driver can block reboot/shutdown (BZ#1670680)
    
    * [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N
    (BZ# 1671743)
    
    * efi_bgrt_init fails to ioremap error during boot (BZ#1671745)
    
    * Unable to mount a share on kernel- 3.10.0-957.el7. The share can be
    mounted on kernel-3.10.0-862.14.4.el7 (BZ#1672448)
    
    * System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to
    handle kernel NULL pointer dereference (BZ#1672510)
    
    Users of kernel are advised to upgrade to these updated packages,
    which fix these bugs and add this enhancement."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-March/008553.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-17972", "CVE-2018-18445", "CVE-2018-9568");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-0512");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bpftool-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.10.1.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.10.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-957.10.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-957.10.1.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3934-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119286
    published2018-11-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119286
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3934-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119286);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      script_cve_id("CVE-2017-16533", "CVE-2017-18224", "CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18386", "CVE-2018-18445", "CVE-2018-18710");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to
    receive various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
    drivers/cdrom/cdrom.c could be used by local attackers to read kernel
    memory because a cast from unsigned long to int interferes with bounds
    checking. This is similar to CVE-2018-10940 and CVE-2018-16658
    (bnc#1113751).
    
    CVE-2018-18445: Faulty computation of numeric bounds in the BPF
    verifier permits out-of-bounds memory accesses because
    adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
    right shifts (bnc#1112372).
    
    CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
    able to access pseudo terminals) to hang/block further usage of any
    pseudo terminal devices due to an EXTPROC versus ICANON confusion in
    TIOCINQ (bnc#1094825).
    
    CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and
    consequently has a race condition for access to the extent tree during
    read operations in DIRECT mode, which allowed local users to cause a
    denial of service (BUG) by modifying a certain e_cpos field
    (bnc#1084831).
    
    CVE-2017-16533: The usbhid_parse function in
    drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
    service (out-of-bounds read and system crash) or possibly have
    unspecified other impact via a crafted USB device (bnc#1066674).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1076830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104124"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106287"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112246"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112736"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18224/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18386/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18445/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18710/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183934-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c2ceadc2"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2018-2803=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-base-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-debugsource-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-devel-4.12.14-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-syms-azure-4.12.14-6.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-893.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed : - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: x86: add
    last seen2020-06-01
    modified2020-06-02
    plugin id123366
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123366
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-893)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-893.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123366);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2017-16533", "CVE-2017-18224", "CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18386", "CVE-2018-18445", "CVE-2018-18710");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-893)");
      script_summary(english:"Check for the openSUSE-2019-893 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.0 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2018-18710: An information leak in
        cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could
        be used by local attackers to read kernel memory because
        a cast from unsigned long to int interferes with bounds
        checking. This is similar to CVE-2018-10940 and
        CVE-2018-16658 (bnc#1113751).
    
      - CVE-2018-18445: Faulty computation of numeric bounds in
        the BPF verifier permitted out-of-bounds memory accesses
        because adjust_scalar_min_max_vals in
        kernel/bpf/verifier.c mishandled 32-bit right shifts
        (bnc#1112372).
    
      - CVE-2018-18386: drivers/tty/n_tty.c allowed local
        attackers (who are able to access pseudo terminals) to
        hang/block further usage of any pseudo terminal devices
        due to an EXTPROC versus ICANON confusion in TIOCINQ
        (bnc#1094825).
    
      - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a
        semaphore and consequently has a race condition for
        access to the extent tree during read operations in
        DIRECT mode, which allowed local users to cause a denial
        of service (BUG) by modifying a certain e_cpos field
        (bnc#1084831).
    
      - CVE-2017-16533: The usbhid_parse function in
        drivers/hid/usbhid/hid-core.c allowed local users to
        cause a denial of service (out-of-bounds read and system
        crash) or possibly have unspecified other impact via a
        crafted USB device (bnc#1066674).
    
    The following non-security bugs were fixed :
    
      - acpi / processor: Fix the return value of
        acpi_processor_ids_walk() (bsc#1051510).
    
      - aio: fix io_destroy(2) vs. lookup_ioctx() race
        (git-fixes).
    
      - alsa: hda: Add 2 more models to the power_save blacklist
        (bsc#1051510).
    
      - alsa: hda - Add mic quirk for the Lenovo G50-30
        (17aa:3905) (bsc#1051510).
    
      - alsa: hda - Add quirk for ASUS G751 laptop
        (bsc#1051510).
    
      - alsa: hda - Fix headphone pin config for ASUS G751
        (bsc#1051510).
    
      - alsa: hda: fix unused variable warning (bsc#1051510).
    
      - alsa: hda/realtek - Fix the problem of the front MIC on
        the Lenovo M715 (bsc#1051510).
    
      - alsa: usb-audio: update quirk for B&W PX to remove
        microphone (bsc#1051510).
    
      - apparmor: Check buffer bounds when mapping permissions
        mask (git-fixes).
    
      - ASoC: intel: skylake: Add missing break in
        skl_tplg_get_token() (bsc#1051510).
    
      - ASoC: Intel: Skylake: Reset the controller in probe
        (bsc#1051510).
    
      - ASoC: rsnd: adg: care clock-frequency size
        (bsc#1051510).
    
      - ASoC: rsnd: do not fallback to PIO mode when
        -EPROBE_DEFER (bsc#1051510).
    
      - ASoC: rt5514: Fix the issue of the delay volume applied
        again (bsc#1051510).
    
      - ASoC: sigmadsp: safeload should not have lower byte
        limit (bsc#1051510).
    
      - ASoC: wm8804: Add ACPI support (bsc#1051510).
    
      - ath10k: fix kernel panic issue during pci probe
        (bsc#1051510).
    
      - ath10k: fix scan crash due to incorrect length
        calculation (bsc#1051510).
    
      - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
        (bsc#1051510).
    
      - batman-adv: Avoid probe ELP information leak
        (bsc#1051510).
    
      - batman-adv: fix backbone_gw refcount on queue_work()
        failure (bsc#1051510).
    
      - batman-adv: fix hardif_neigh refcount on queue_work()
        failure (bsc#1051510).
    
      - bdi: Fix another oops in wb_workfn() (bsc#1112746).
    
      - bdi: Preserve kabi when adding cgwb_release_mutex
        (bsc#1112746).
    
      - blkdev_report_zones_ioctl(): Use vmalloc() to allocate
        large buffers (bsc#1111819).
    
      - blk-mq: I/O and timer unplugs are inverted in blktrace
        (bsc#1112713).
    
      - block, bfq: fix wrong init of saved start time for
        weight raising (bsc#1112708).
    
      - block: bfq: swap puts in bfqg_and_blkg_put
        (bsc#1112712).
    
      - block: bvec_nr_vecs() returns value for wrong slab
        (bsc#1111834).
    
      - bpf/verifier: disallow pointer subtraction
        (bsc#1083647).
    
      - btrfs: Enhance btrfs_trim_fs function to handle error
        better (Dependency for bsc#1113667).
    
      - btrfs: Ensure btrfs_trim_fs can trim the whole
        filesystem (bsc#1113667).
    
      - btrfs: fix file data corruption after cloning a range
        and fsync (bsc#1111901).
    
      - btrfs: fix missing error return in btrfs_drop_snapshot
        (Git-fixes bsc#1109919).
    
      - btrfs: fix mount failure after fsync due to hard link
        recreation (bsc#1103543).
    
      - btrfs: handle errors while updating refcounts in
        update_ref_for_cow (Git-fixes bsc#1109915).
    
      - btrfs: send, fix invalid access to commit roots due to
        concurrent snapshotting (bsc#1111904).
    
      - cdc-acm: fix race between reset and control messaging
        (bsc#1051510).
    
      - ceph: avoid a use-after-free in ceph_destroy_options()
        (bsc#1111983).
    
      - cifs: check for STATUS_USER_SESSION_DELETED
        (bsc#1112902).
    
      - cifs: fix memory leak in SMB2_open() (bsc#1112894).
    
      - cifs: Fix use after free of a mid_q_entry (bsc#1112903).
    
      - clk: x86: add 'ether_clk' alias for Bay Trail / Cherry
        Trail (bsc#1051510).
    
      - clk: x86: Stop marking clocks as CLK_IS_CRITICAL
        (bsc#1051510).
    
      - clocksource/drivers/ti-32k: Add
        CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
        (bsc#1051510).
    
      - clocksource/drivers/timer-atmel-pit: Properly handle
        error cases (bsc#1051510).
    
      - coda: fix 'kernel memory exposure attempt' in fsync
        (bsc#1051510).
    
      - crypto: caam - fix implicit casts in endianness helpers
        (bsc#1051510).
    
      - crypto: chelsio - Fix memory corruption in DMA Mapped
        buffers (bsc#1051510).
    
      - crypto: lrw - Fix out-of bounds access on counter
        overflow (bsc#1051510).
    
      - crypto: tcrypt - fix ghash-generic speed test
        (bsc#1051510).
    
      - dax: Fix deadlock in dax_lock_mapping_entry()
        (bsc#1109951).
    
      - debugobjects: Make stack check warning more informative
        (bsc#1051510).
    
      - documentation/l1tf: Fix small spelling typo
        (bsc#1051510).
    
      - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
        (bsc#1051510).
    
      - drm/amdgpu: Fix vce work queue was not cancelled when
        suspend (bsc#1106110)
    
      - drm/amdgpu/powerplay: fix missing break in switch
        statements (bsc#1113722)
    
      - drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
        (bsc#1051510).
    
      - drm/hisilicon: hibmc: Do not carry error code in HiBMC
        framebuffer (bsc#1113722)
    
      - drm/hisilicon: hibmc: Do not overwrite fb helper surface
        depth (bsc#1113722)
    
      - drm/i915/audio: Hook up component bindings even if
        displays are (bsc#1113722)
    
      - drm/i915/dp: Link train Fallback on eDP only if fallback
        link BW can fit panel's native mode (bsc#1051510).
    
      - drm/i915/gen9+: Fix initial readout for Y tiled
        framebuffers (bsc#1113722)
    
      - drm/i915/glk: Add Quirk for GLK NUC HDMI port issues
        (bsc#1051510).
    
      - drm/i915: Restore vblank interrupts earlier
        (bsc#1051510).
    
      - drm: mali-dp: Call drm_crtc_vblank_reset on device init
        (bsc#1051510).
    
      - drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
    
      - drm/msm: fix OF child-node lookup (bsc#1106110)
    
      - drm/nouveau: Do not disable polling in fallback mode
        (bsc#1103356).
    
      - drm/sti: do not remove the drm_bridge that was never
        added (bsc#1100132)
    
      - drm/sun4i: Fix an ulong overflow in the dotclock driver
        (bsc#1106110)
    
      - drm/virtio: fix bounds check in
        virtio_gpu_cmd_get_capset() (bsc#1113722)
    
      - e1000: check on netif_running() before calling
        e1000_up() (bsc#1051510).
    
      - e1000: ensure to free old tx/rx rings in set_ringparam()
        (bsc#1051510).
    
      - eeprom: at24: change nvmem stride to 1 (bsc#1051510).
    
      - eeprom: at24: check at24_read/write arguments
        (bsc#1051510).
    
      - eeprom: at24: correctly set the size for at24mac402
        (bsc#1051510).
    
      - enic: do not call enic_change_mtu in enic_probe
        (bsc#1051510).
    
      - enic: handle mtu change for vf properly (bsc#1051510).
    
      - enic: initialize enic->rfs_h.lock in enic_probe
        (bsc#1051510).
    
      - ethtool: fix a privilege escalation bug (bsc#1076830).
    
      - ext2, dax: set ext2_dax_aops for dax files
        (bsc#1112554).
    
      - ext4: avoid arithemetic overflow that can trigger a BUG
        (bsc#1112736).
    
      - ext4: avoid divide by zero fault when deleting corrupted
        inline directories (bsc#1112735).
    
      - ext4: check for NUL characters in extended attribute's
        name (bsc#1112732).
    
      - ext4: check to make sure the rename(2)'s destination is
        not freed (bsc#1112734).
    
      - ext4: do not mark mmp buffer head dirty (bsc#1112743).
    
      - ext4: fix online resize's handling of a too-small final
        block group (bsc#1112739).
    
      - ext4: fix online resizing for bigalloc file systems with
        a 1k block size (bsc#1112740).
    
      - ext4: fix spectre gadget in ext4_mb_regular_allocator()
        (bsc#1112733).
    
      - ext4: recalucate superblock checksum after updating free
        blocks/inodes (bsc#1112738).
    
      - ext4: reset error code in ext4_find_entry in fallback
        (bsc#1112731).
    
      - ext4: show test_dummy_encryption mount option in
        /proc/mounts (bsc#1112741).
    
      - fbdev/omapfb: fix omapfb_memory_read infoleak
        (bsc#1051510).
    
      - fs/quota: Fix spectre gadget in do_quotactl
        (bsc#1112745).
    
      - hfsplus: do not return 0 when fill_super() failed
        (bsc#1051510).
    
      - hfsplus: stop workqueue when fill_super() failed
        (bsc#1051510).
    
      - hfs: prevent crash on exit from failed search
        (bsc#1051510).
    
      - hid: hid-sensor-hub: Force logical minimum to 1 for
        power and report state (bsc#1051510).
    
      - hid: quirks: fix support for Apple Magic Keyboards
        (bsc#1051510).
    
      - hid: sensor-hub: Restore fixup for Lenovo ThinkPad Helix
        2 sensor hub report (bsc#1051510).
    
      - hv: avoid crash in vmbus sysfs files (bnc#1108377).
    
      - hv_netvsc: fix schedule in RCU context ().
    
      - hwrng: core - document the quality field (bsc#1051510).
    
      - hypfs_kill_super(): deal with failed allocations
        (bsc#1051510).
    
      - i2c: i2c-scmi: fix for i2c_smbus_write_block_data
        (bsc#1051510).
    
      - i2c: rcar: cleanup DMA for all kinds of failure
        (bsc#1051510).
    
      - iio: adc: at91: fix acking DRDY irq on simple
        conversions (bsc#1051510).
    
      - iio: adc: at91: fix wrong channel number in triggered
        buffer mode (bsc#1051510).
    
      - iio: adc: imx25-gcq: Fix leak of device_node in
        mx25_gcq_setup_cfgs() (bsc#1051510).
    
      - input: atakbd - fix Atari CapsLock behaviour
        (bsc#1051510).
    
      - input: atakbd - fix Atari keymap (bsc#1051510).
    
      - intel_th: pci: Add Ice Lake PCH support (bsc#1051510).
    
      - iommu/arm-smmu: Error out only if not enough context
        interrupts (bsc#1106237).
    
      - iommu/vt-d: Add definitions for PFSID (bsc#1106237).
    
      - iommu/vt-d: Fix dev iotlb pfsid use (bsc#1106237).
    
      - iommu/vt-d: Fix scatterlist offset handling
        (bsc#1106237).
    
      - iwlwifi: dbg: do not crash if the firmware crashes in
        the middle of a debug dump (bsc#1051510).
    
      - iwlwifi: mvm: Allow TKIP for AP mode (bsc#1051510).
    
      - iwlwifi: mvm: check for n_profiles validity in EWRD ACPI
        (bsc#1051510).
    
      - iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping
        the interface (bsc#1051510).
    
      - iwlwifi: mvm: open BA session only when sta is
        authorized (bsc#1051510).
    
      - iwlwifi: mvm: send BCAST management frames to the right
        station (bsc#1051510).
    
      - iwlwifi: pcie: gen2: build A-MSDU only for GSO
        (bsc#1051510).
    
      - iwlwifi: pcie gen2: check iwl_pcie_gen2_set_tb() return
        value (bsc#1051510).
    
      - jbd2: fix use after free in jbd2_log_do_checkpoint()
        (bsc#1113257).
    
      - kABI: Hide get_msr_feature() in kvm_x86_ops
        (bsc#1106240).
    
      - Kbuild: fix # escaping in .cmd files for future Make
        (git-fixes).
    
      - kernfs: update comment about kernfs_path() return value
        (bsc#1051510).
    
      - kprobes/x86: Fix %p uses in error messages
        (bsc#1110006).
    
      - ksm: fix unlocked iteration over vmas in
        cmp_and_merge_page() (VM Functionality bsc#1111806).
    
      - kvm: Make VM ioctl do valloc for some archs
        (bsc#1111506).
    
      - kvm: SVM: Add MSR-based feature support for serializing
        LFENCE (bsc#1106240).
    
      - kvm: VMX: support MSR_IA32_ARCH_CAPABILITIES as a
        feature MSR (bsc#1106240).
    
      - kvm: VMX: Tell the nested hypervisor to skip L1D flush
        on vmentry (bsc#1106240).
    
      - kvm: x86: Add a framework for supporting MSR-based
        features (bsc#1106240).
    
      - kvm: x86: define SVM/VMX specific
        kvm_arch_[alloc|free]_vm (bsc#1111506).
    
      - kvm: X86: Introduce kvm_get_msr_feature() (bsc#1106240).
    
      - kvm/x86: kABI fix for vm_alloc/vm_free changes
        (bsc#1111506).
    
      - kvm: x86: Set highest physical address bits in
        non-present/reserved SPTEs (bsc#1106240).
    
      - libertas: call into generic suspend code before turning
        off power (bsc#1051510).
    
      - libnvdimm, dimm: Maximize label transfer size
        (bsc#1111921, bsc#1113408, bsc#1113972).
    
      - libnvdimm, label: change nvdimm_num_label_slots per UEFI
        2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
    
      - libnvdimm, label: Fix sparse warning (bsc#1111921,
        bsc#1113408, bsc#1113972).
    
      - lib/ubsan: add type mismatch handler for new GCC/Clang
        (bsc#1051510).
    
      - lib/ubsan.c: s/missaligned/misaligned/ (bsc#1051510).
    
      - loop: add recursion validation to LOOP_CHANGE_FD
        (bsc#1112711).
    
      - loop: do not call into filesystem while holding
        lo_ctl_mutex (bsc#1112710).
    
      - loop: fix LOOP_GET_STATUS lock imbalance (bsc#1113284).
    
      - mac80211: minstrel: fix using short preamble CCK rates
        on HT clients (bsc#1051510).
    
      - mach64: detect the dot clock divider correctly on sparc
        (bsc#1051510).
    
      - media: af9035: prevent buffer overflow on write
        (bsc#1051510).
    
      - media: cx231xx: fix potential sign-extension overflow on
        large shift (bsc#1051510).
    
      - media: dvb: fix compat ioctl translation (bsc#1051510).
    
      - media: em28xx: fix input name for Terratec AV 350
        (bsc#1051510).
    
      - media: em28xx: use a default format if TRY_FMT fails
        (bsc#1051510).
    
      - media: pci: cx23885: handle adding to list failure
        (bsc#1051510).
    
      - media: tvp5150: avoid going past array on
        v4l2_querymenu() (bsc#1051510).
    
      - media: tvp5150: fix switch exit in set control handler
        (bsc#1051510).
    
      - media: tvp5150: fix width alignment during
        set_selection() (bsc#1051510).
    
      - media: uvcvideo: Fix uvc_alloc_entity() allocation
        alignment (bsc#1051510).
    
      - media: v4l2-tpg: fix kernel oops when enabling HFLIP and
        OSD (bsc#1051510).
    
      - media: vsp1: Fix YCbCr planar formats pitch calculation
        (bsc#1051510).
    
      - mfd: arizona: Correct calling of runtime_put_sync
        (bsc#1051510).
    
      - mmc: block: avoid multiblock reads for the last sector
        in SPI mode (bsc#1051510).
    
      - mm: fix BUG_ON() in vmf_insert_pfn_pud() from
        VM_MIXEDMAP removal (bsc#1111841).
    
      - mm/migrate: Use spin_trylock() while resetting rate
        limit ().
    
      - mm: /proc/pid/pagemap: hide swap entries from
        unprivileged users (Git-fixes bsc#1109907).
    
      - move changes without Git-commit out of sorted section
    
      - nfc: nfcmrvl_uart: fix OF child-node lookup
        (bsc#1051510).
    
      - nfs: Avoid quadratic search when freeing delegations
        (bsc#1084760).
    
      - nvdimm: Clarify comment in sizeof_namespace_index
        (bsc#1111921, bsc#1113408, bsc#1113972).
    
      - nvdimm: Remove empty if statement (bsc#1111921,
        bsc#1113408, bsc#1113972).
    
      - nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408,
        bsc#1113972).
    
      - nvdimm: Split label init out from the logic for getting
        config data (bsc#1111921, bsc#1113408, bsc#1113972).
    
      - nvdimm: Use namespace index data to reduce number of
        label reads needed (bsc#1111921, bsc#1113408,
        bsc#1113972).
    
      - of: add helper to lookup compatible child node
        (bsc#1106110)
    
      - orangefs: fix deadlock; do not write i_size in read_iter
        (bsc#1051510).
    
      - orangefs: initialize op on loop restart in
        orangefs_devreq_read (bsc#1051510).
    
      - orangefs_kill_sb(): deal with allocation failures
        (bsc#1051510).
    
      - orangefs: use list_for_each_entry_safe in
        purge_waiting_ops (bsc#1051510).
    
      - ovl: fix format of setxattr debug (git-fixes).
    
      - ovl: Sync upper dirty data when syncing overlayfs
        (git-fixes).
    
      - pci/ASPM: Fix link_state teardown on device removal
        (bsc#1051510).
    
      - pci: hv: Do not wait forever on a device that has
        disappeared (bsc#1109806).
    
      - pci: Reprogram bridge prefetch registers on resume
        (bsc#1051510).
    
      - powerpc/mm/hugetlb: initialize the pagetable cache
        correctly for hugetlb (bsc#1091800).
    
      - powerpc/powernv/ioda2: Reduce upper limit for DMA window
        size (bsc#1055120).
    
      - powerpc/pseries: Fix build break for SPLPAR=n and CPU
        hotplug (bsc#1079524, git-fixes).
    
      - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906,
        git-fixes).
    
      - powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on
        /cpus' during DLPAR (bsc#1113295).
    
      - powerpc: pseries: remove dlpar_attach_node dependency on
        full path (bsc#1113295).
    
      - powerpc/rtas: Fix a potential race between CPU-Offline &
        Migration (bsc#1111870).
    
      - printk: drop in_nmi check from
        printk_safe_flush_on_panic() (bsc#1112170).
    
      - printk/tracing: Do not trace printk_nmi_enter()
        (bsc#1112208).
    
      - proc: restrict kernel stack dumps to root (git-fixes).
        blacklist.conf :
    
      - qmi_wwan: Added support for Gemalto's Cinterion ALASxx
        WWAN interface (bsc#1051510).
    
      - qrtr: add MODULE_ALIAS macro to smd (bsc#1051510).
    
      - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing
        RTL_FLAG_TASK_ENABLED (bsc#1051510).
    
      - random: rate limit unseeded randomness warnings
        (git-fixes).
    
      - rculist: add list_for_each_entry_from_rcu()
        (bsc#1084760).
    
      - rculist: Improve documentation for
        list_for_each_entry_from_rcu() (bsc#1084760).
    
      - reiserfs: add check to detect corrupted directory entry
        (bsc#1109818).
    
      - reiserfs: do not panic on bad directory entries
        (bsc#1109818).
    
      - scsi: core: Allow state transitions from OFFLINE to
        BLOCKED (bsc#1112246).
    
      - scsi: ipr: Eliminate duplicate barriers ().
    
      - scsi: ipr: fix incorrect indentation of assignment
        statement ().
    
      - scsi: ipr: Use dma_pool_zalloc() ().
    
      - scsi: libfc: check fc_frame_payload_get() return value
        for null (bsc#1104731).
    
      - scsi: libfc: retry PRLI if we cannot analyse the payload
        (bsc#1104731).
    
      - scsi: qla2xxx: Fix memory leak for allocating abort IOCB
        (bsc#1111830).
    
      - scsi: target: prefer dbroot of /etc/target over
        /var/target (bsc#1111928).
    
      - serial: 8250: Fix clearing FIFOs in RS485 mode again
        (bsc#1051510).
    
      - series.conf: moved some Xen patches to the sorted region
        xen/blkfront: correct purging of persistent grants
        (bnc#1112514).
    
      - signal: Properly deliver SIGSEGV from x86 uprobes
        (bsc#1110006).
    
      - smb2: fix missing files in root share directory listing
        (bsc#1112907).
    
      - smb3: fill in statfs fsid and correct namelen
        (bsc#1112905).
    
      - smb3: fix reset of bytes read and written stats
        (bsc#1112906).
    
      - smb3: on reconnect set PreviousSessionId field
        (bsc#1112899).
    
      - sock_diag: fix use-after-free read in __sk_free
        (bsc#1051510).
    
      - soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
    
      - sound: do not call skl_init_chip() to reset intel skl
        soc (bsc#1051510).
    
      - sound: enable interrupt after dma buffer initialization
        (bsc#1051510).
    
      - spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
    
      - spi: bcm-qspi: switch back to reading flash using
        smaller chunks (bsc#1051510).
    
      - spi: sh-msiof: fix deferred probing (bsc#1051510).
    
      - squashfs: more metadata hardening (bsc#1051510).
    
      - staging: comedi: ni_mio_common: protect register write
        overflow (bsc#1051510).
    
      - stm: Potential read overflow in
        stm_char_policy_set_ioctl() (bsc#1051510).
    
      - switchtec: Fix Spectre v1 vulnerability (bsc#1051510).
    
      - sysfs: Do not return POSIX ACL xattrs via listxattr
        (git-fixes).
    
      - target: log Data-Out timeouts as errors (bsc#1095805).
    
      - target: log NOP ping timeouts as errors (bsc#1095805).
    
      - target: split out helper for cxn timeout error stashing
        (bsc#1095805).
    
      - target: stash sess_err_stats on Data-Out timeout
        (bsc#1095805).
    
      - target: use ISCSI_IQN_LEN in iscsi_target_stat
        (bsc#1095805).
    
      - team: Forbid enslaving team device to itself
        (bsc#1051510).
    
      - tools build: fix # escaping in .cmd files for future
        Make (git-fixes).
    
      - tools/vm/page-types.c: fix 'defined but not used'
        warning (bsc#1051510).
    
      - tools/vm/slabinfo.c: fix sign-compare warning
        (bsc#1051510).
    
      - tracing: Add barrier to trace_printk() buffer nesting
        modification (bsc#1112219).
    
      - tty: fix data race between tty_init_dev and flush of buf
        (bnc#1105428).
    
      - tty: Hold tty_ldisc_lock() during tty_reopen()
        (bnc#1105428).
    
      - tty/ldsem: Add lockdep asserts for ldisc_sem
        (bnc#1105428).
    
      - tty/ldsem: Convert to regular lockdep annotations
        (bnc#1105428).
    
      - tty/ldsem: Decrement wait_readers on timeouted
        down_read() (bnc#1105428).
    
      - tty/ldsem: Wake up readers after timed out down_write()
        (bnc#1105428).
    
      - tty: Simplify tty->count math in tty_reopen()
        (bnc#1105428).
    
      - usb: chipidea: Prevent unbalanced IRQ disable
        (bsc#1051510).
    
      - usb: gadget: fotg210-udc: Fix memory leak of
        fotg210->ep[i] (bsc#1051510).
    
      - usb: gadget: fsl_udc_core: check allocation return value
        and cleanup on failure (bsc#1051510).
    
      - usb: gadget: fsl_udc_core: fixup struct_udc_setup
        documentation (bsc#1051510).
    
      - usbip: tools: fix atoi() on non-null terminated string
        (bsc#1051510).
    
      - usb: remove LPM management from
        usb_driver_claim_interface() (bsc#1051510).
    
      - usb: serial: cypress_m8: fix interrupt-out transfer
        length (bsc#1051510).
    
      - usb: serial: simple: add Motorola Tetra MTP6550 id
        (bsc#1051510).
    
      - usb: xhci-mtk: resume USB3 roothub first (bsc#1051510).
    
      - usb: yurex: Check for truncation in yurex_read()
        (bsc#1051510).
    
      - userfaultfd: hugetlbfs: fix userfaultfd_huge_must_wait()
        pte access (bsc#1109739).
    
      - Use upstream version of pci-hyperv patch (35a88a1)
    
      - vmbus: do not return values for uninitalized channels
        (bsc#1051510).
    
      - vti4: Do not count header length twice on tunnel setup
        (bsc#1051510).
    
      - vti6: fix PMTU caching and reporting on xmit
        (bsc#1051510).
    
      - vti6: remove !skb->ignore_df check from vti6_xmit()
        (bsc#1051510).
    
      - Workaround for mysterious NVMe breakage with i915 CFL
        (bsc#1111040).
    
      - x86/acpi: Prevent X2APIC id 0xffffffff from being
        accounted (bsc#1110006).
    
      - x86/boot/KASLR: Work around firmware bugs by excluding
        EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice
        (bnc#1112878).
    
      - x86/boot: Move EISA setup to a separate file
        (bsc#1110006).
    
      - x86/cpufeature: Add User-Mode Instruction Prevention
        definitions (bsc#1110006).
    
      - x86/cpufeatures: Add Intel Total Memory Encryption
        cpufeature (bsc#1110006).
    
      - x86/eisa: Add missing include (bsc#1110006).
    
      - x86/EISA: Do not probe EISA bus for Xen PV guests
        (bsc#1110006).
    
      - x86/fpu: Remove second definition of fpu in
        __fpu__restore_sig() (bsc#1110006).
    
      - x86/kasan: Panic if there is not enough memory to boot
        (bsc#1110006).
    
      - x86/MCE: Fix stack out-of-bounds write in mce-inject.c:
        Flags_read() (bsc#1110006).
    
      - x86/paravirt: Fix some warning messages (bnc#1065600).
    
      - x86/percpu: Fix this_cpu_read() (bsc#1110006).
    
      - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit()
        on 32bit (bsc#1105536).
    
      - x86/time: Correct the attribute on jiffies' definition
        (bsc#1110006).
    
      - xen/gntdev: avoid out of bounds access in case of
        partial gntdev_mmap() (bnc#1065600).
    
      - xen: Remove unnecessary BUG_ON from __unbind_from_irq()
        (bnc#1065600).
    
      - xen-swiotlb: fix the check condition for
        xen_swiotlb_free_coherent (bnc#1065600).
    
      - xfrm: use complete IPv6 addresses for hash
        (bsc#1109330).
    
      - xfs: do not fail when converting shortform attr to long
        form during ATTR_REPLACE (bsc#1105025).
    
      - xhci: Add missing CAS workaround for Intel Sunrise Point
        xHCI (bsc#1051510).
    
      - xhci: Do not print a warning when setting link state for
        disabled ports (bsc#1051510)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1067906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104124"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112246"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112736"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113972"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.25.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.25.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3589-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-18445: A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120151
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120151
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3589-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3589-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120151);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2017-16533", "CVE-2017-18224", "CVE-2018-18386", "CVE-2018-18445");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3589-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 15 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-18445: A faulty computation of numeric bounds in the BPF
    verifier permits out-of-bounds memory accesses because
    adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
    right shifts (bnc#1112372).
    
    CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
    able to access pseudo terminals) to hang/block further usage of any
    pseudo terminal devices due to an EXTPROC versus ICANON confusion in
    TIOCINQ (bnc#1094825).
    
    CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and
    consequently has a race condition for access to the extent tree during
    read operations in DIRECT mode, which allowed local users to cause a
    denial of service (BUG) by modifying a certain e_cpos field
    (bnc#1084831).
    
    CVE-2017-16533: The usbhid_parse function in
    drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
    service (out-of-bounds read and system crash) or possibly have
    unspecified other impact via a crafted USB device (bnc#1066674).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050319"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1076830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106240"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108468"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108828"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109217"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111028"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111819"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112246"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112736"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18224/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18386/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-18445/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183589-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fbf5cb31"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch
    SUSE-SLE-Product-WE-15-2018-2547=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2018-2547=1
    
    SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
    SUSE-SLE-Module-Legacy-15-2018-2547=1
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2018-2547=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2547=1
    
    SUSE Linux Enterprise High Availability 15:zypper in -t patch
    SUSE-SLE-Product-HA-15-2018-2547=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-25.25.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-25.25.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0512.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numberic bounds in the BPF verifier (CVE-2018-18445) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) and Enhancement(s) : * kernel fuse invalidates cached attributes during reads (BZ#1657921) * [NetApp-FC-NVMe] RHEL7.6: nvme reset gets hung indefinitely (BZ#1659937) * Memory reclaim deadlock calling __sock_create() after memalloc_noio_save() (BZ#1660392) * hardened usercopy is causing crash (BZ#1660815) * Backport: xfrm: policy: init locks early (BZ#1660887) * AWS m5 instance type loses NVMe mounted volumes [was: Unable to Mount StatefulSet PV in AWS EBS] (BZ#1661947) * RHEL 7.6 running on a VirtualBox guest with a GUI has a mouse problem (BZ# 1662848) * Kernel bug report in cgroups on heavily contested 3.10 node (BZ#1663114) * [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports (BZ#1663241) * [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1663508) * Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no longer initialize (BZ#1664067) * [csiostor] call trace after command: modprobe csiostor (BZ#1665370) * libceph: fall back to sendmsg for slab pages (BZ#1665814) * Deadlock between stop_one_cpu_nowait() and stop_two_cpus() (BZ#1667328) * Soft lockups occur when the sd driver passes a device size of 1 sector to string_get_size() (BZ#1667989) * [RHEL7.7] BUG: unable to handle kernel paging request at ffffffffffffffff (BZ#1668208) * RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/ rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ# 1669044) * blk-mq: fix corruption with direct issue (BZ#1670511) * [RHEL7][patch] iscsi driver can block reboot/shutdown (BZ#1670680) * [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N (BZ# 1671743) * efi_bgrt_init fails to ioremap error during boot (BZ#1671745) * Unable to mount a share on kernel- 3.10.0-957.el7. The share can be mounted on kernel-3.10.0-862.14.4.el7 (BZ#1672448) * System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to handle kernel NULL pointer dereference (BZ#1672510) Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id122954
    published2019-03-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122954
    titleCentOS 7 : kernel (CESA-2019:0512)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4304.NASL
    descriptionDescription of changes: [4.14.35-1818.5.4.el7uek] - RDS: NULL pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 28020694] {CVE-2018-5333} - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474853] - x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474853] - x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474853] - KVM: x86: Expose CLDEMOTE CPU feature to guest VM (Jingqi Liu) [Orabug: 28938290] - x86/cpufeatures: Enumerate cldemote instruction (Fenghua Yu) [Orabug: 28938290] - libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946206] - wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951267] {CVE-2018-5848} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956546] {CVE-2018-7755} {CVE-2018-7755} [4.14.35-1818.5.3.el7uek] - hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896279] - xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28943579] {CVE-2018-10322} - xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong) [Orabug: 28943579] {CVE-2018-10322} [4.14.35-1818.5.2.el7uek] - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28748049] - kdump/vmcore: support encrypted old memory with SME enabled (Lianbo Jiang) [Orabug: 28796835] - amd_iommu: remap the device table of IOMMU with the memory encryption mask for kdump (Lianbo Jiang) [Orabug: 28796835] - kexec: allocate unencrypted control pages for kdump in case SME is enabled (Lianbo Jiang) [Orabug: 28796835] - x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory (Lianbo Jiang) [Orabug: 28796835] - net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857013] - Btrfs: fix xattr loss after power failure (Filipe Manana) [Orabug: 28893942] - xen/balloon: Support xend-based toolstack (Boris Ostrovsky) [Orabug: 28901032] - Btrfs: fix file data corruption after cloning a range and fsync (Filipe Manana) [Orabug: 28905635] - xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) - cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929755] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS (Mel Gorman) [Orabug: 28940633] - sched/fair: Move select_task_rq_fair() slow-path into its own function (Brendan Jackman) [Orabug: 28940633] - certs: Add Oracle
    last seen2020-04-30
    modified2018-12-13
    plugin id119638
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119638
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4304)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1342.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). - CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). - CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). - CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The following non-security bugs were fixed : - acpi / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510). - aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes). - alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510). - alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510). - alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510). - alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510). - alsa: hda: fix unused variable warning (bsc#1051510). - alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510). - alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510). - apparmor: Check buffer bounds when mapping permissions mask (git-fixes). - ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510). - ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510). - ASoC: rsnd: adg: care clock-frequency size (bsc#1051510). - ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510). - ASoC: rt5514: Fix the issue of the delay volume applied again (bsc#1051510). - ASoC: sigmadsp: safeload should not have lower byte limit (bsc#1051510). - ASoC: wm8804: Add ACPI support (bsc#1051510). - ath10k: fix kernel panic issue during pci probe (bsc#1051510). - ath10k: fix scan crash due to incorrect length calculation (bsc#1051510). - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bsc#1051510). - batman-adv: Avoid probe ELP information leak (bsc#1051510). - batman-adv: fix backbone_gw refcount on queue_work() failure (bsc#1051510). - batman-adv: fix hardif_neigh refcount on queue_work() failure (bsc#1051510). - bdi: Fix another oops in wb_workfn() (bsc#1112746). - bdi: Preserve kabi when adding cgwb_release_mutex (bsc#1112746). - blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers (bsc#1111819). - blk-mq: I/O and timer unplugs are inverted in blktrace (bsc#1112713). - block, bfq: fix wrong init of saved start time for weight raising (bsc#1112708). - block: bfq: swap puts in bfqg_and_blkg_put (bsc#1112712). - block: bvec_nr_vecs() returns value for wrong slab (bsc#1111834). - bpf/verifier: disallow pointer subtraction (bsc#1083647). - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667). - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667). - btrfs: fix file data corruption after cloning a range and fsync (bsc#1111901). - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919). - btrfs: fix mount failure after fsync due to hard link recreation (bsc#1103543). - btrfs: handle errors while updating refcounts in update_ref_for_cow (Git-fixes bsc#1109915). - btrfs: send, fix invalid access to commit roots due to concurrent snapshotting (bsc#1111904). - cdc-acm: fix race between reset and control messaging (bsc#1051510). - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1111983). - cifs: check for STATUS_USER_SESSION_DELETED (bsc#1112902). - cifs: fix memory leak in SMB2_open() (bsc#1112894). - cifs: Fix use after free of a mid_q_entry (bsc#1112903). - clk: x86: add
    last seen2020-06-05
    modified2018-11-08
    plugin id118818
    published2018-11-08
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118818
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-1342)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4069-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152). CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769). CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751). CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372). CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825). CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831). CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119647
    published2018-12-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119647
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0512.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numberic bounds in the BPF verifier (CVE-2018-18445) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) and Enhancement(s) : * kernel fuse invalidates cached attributes during reads (BZ#1657921) * [NetApp-FC-NVMe] RHEL7.6: nvme reset gets hung indefinitely (BZ#1659937) * Memory reclaim deadlock calling __sock_create() after memalloc_noio_save() (BZ#1660392) * hardened usercopy is causing crash (BZ#1660815) * Backport: xfrm: policy: init locks early (BZ#1660887) * AWS m5 instance type loses NVMe mounted volumes [was: Unable to Mount StatefulSet PV in AWS EBS] (BZ#1661947) * RHEL 7.6 running on a VirtualBox guest with a GUI has a mouse problem (BZ# 1662848) * Kernel bug report in cgroups on heavily contested 3.10 node (BZ#1663114) * [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports (BZ#1663241) * [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1663508) * Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no longer initialize (BZ#1664067) * [csiostor] call trace after command: modprobe csiostor (BZ#1665370) * libceph: fall back to sendmsg for slab pages (BZ#1665814) * Deadlock between stop_one_cpu_nowait() and stop_two_cpus() (BZ#1667328) * Soft lockups occur when the sd driver passes a device size of 1 sector to string_get_size() (BZ#1667989) * [RHEL7.7] BUG: unable to handle kernel paging request at ffffffffffffffff (BZ#1668208) * RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/ rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ# 1669044) * blk-mq: fix corruption with direct issue (BZ#1670511) * [RHEL7][patch] iscsi driver can block reboot/shutdown (BZ#1670680) * [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N (BZ# 1671743) * efi_bgrt_init fails to ioremap error during boot (BZ#1671745) * Unable to mount a share on kernel- 3.10.0-957.el7. The share can be mounted on kernel-3.10.0-862.14.4.el7 (BZ#1672448) * System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to handle kernel NULL pointer dereference (BZ#1672510) Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id122842
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122842
    titleRHEL 7 : kernel (RHSA-2019:0512)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3832-1.NASL
    descriptionJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972) Jann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Daniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel. (CVE-2018-18653) Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955) Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119302
    published2018-11-30
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119302
    titleUbuntu 18.10 : linux-aws vulnerabilities (USN-3832-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190314_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) - kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) - kernel: Faulty computation of numberic bounds in the BPF verifier (CVE-2018-18445) Bug Fix(es) and Enhancement(s) : - kernel fuse invalidates cached attributes during reads - [NetApp-FC-NVMe] SL7.6: nvme reset gets hung indefinitely - Memory reclaim deadlock calling __sock_create() after memalloc_noio_save() - hardened usercopy is causing crash - Backport: xfrm: policy: init locks early - AWS m5 instance type loses NVMe mounted volumes [was: Unable to Mount StatefulSet PV in AWS EBS] - SL 7.6 running on a VirtualBox guest with a GUI has a mouse problem - Kernel bug report in cgroups on heavily contested 3.10 node - [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports - [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. - Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no longer initialize - [csiostor] call trace after command: modprobe csiostor - libceph: fall back to sendmsg for slab pages - Deadlock between stop_one_cpu_nowait() and stop_two_cpus() - Soft lockups occur when the sd driver passes a device size of 1 sector to string_get_size() - [SL7.7] BUG: unable to handle kernel paging request at ffffffffffffffff - SL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline &amp; Migration (LPM) - blk-mq: fix corruption with direct issue - [SL7][patch] iscsi driver can block reboot/shutdown - [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N - efi_bgrt_init fails to ioremap error during boot - Unable to mount a share on kernel- 3.10.0-957.el7. The share can be mounted on kernel-3.10.0-862.14.4.el7 - System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to handle kernel NULL pointer dereference
    last seen2020-03-18
    modified2019-03-18
    plugin id122887
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122887
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190314)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0514.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numberic bounds in the BPF verifier (CVE-2018-18445) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * kernel-rt: update to the RHEL7.6.z batch#3 source tree (BZ#1672406) Users of kernel-rt are advised to upgrade to these updated packages, which fix this bug.
    last seen2020-06-01
    modified2020-06-02
    plugin id122843
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122843
    titleRHEL 7 : kernel-rt (RHSA-2019:0514)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3847-1.NASL
    descriptionIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-27
    modified2018-12-21
    plugin id119827
    published2018-12-21
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119827
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, (USN-3847-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3847-2.NASL
    descriptionUSN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896) Noam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734) It was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276) It was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445) Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690) It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-27
    modified2018-12-21
    plugin id119828
    published2018-12-21
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119828
    titleUbuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp vulnerabilities (USN-3847-2)

Redhat

advisories
  • rhsa
    idRHSA-2019:0512
  • rhsa
    idRHSA-2019:0514
rpms
  • bpftool-0:3.10.0-957.10.1.el7
  • kernel-0:3.10.0-957.10.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.10.1.el7
  • kernel-bootwrapper-0:3.10.0-957.10.1.el7
  • kernel-debug-0:3.10.0-957.10.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.10.1.el7
  • kernel-debug-devel-0:3.10.0-957.10.1.el7
  • kernel-debuginfo-0:3.10.0-957.10.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.10.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.10.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.10.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.10.1.el7
  • kernel-devel-0:3.10.0-957.10.1.el7
  • kernel-doc-0:3.10.0-957.10.1.el7
  • kernel-headers-0:3.10.0-957.10.1.el7
  • kernel-kdump-0:3.10.0-957.10.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.10.1.el7
  • kernel-kdump-devel-0:3.10.0-957.10.1.el7
  • kernel-tools-0:3.10.0-957.10.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.10.1.el7
  • kernel-tools-libs-0:3.10.0-957.10.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.10.1.el7
  • perf-0:3.10.0-957.10.1.el7
  • perf-debuginfo-0:3.10.0-957.10.1.el7
  • python-perf-0:3.10.0-957.10.1.el7
  • python-perf-debuginfo-0:3.10.0-957.10.1.el7
  • kernel-rt-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debuginfo-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-doc-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-kvm-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.10.1.rt56.921.el7