Vulnerabilities > CVE-2018-18559 - Use After Free vulnerability in multiple products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
linux
redhat
CWE-416
nessus

Summary

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Vulnerable Configurations

Part Description Count
OS
Linux
476
OS
Redhat
6
Application
Redhat
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0174.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * Kernel: speculative bounds check bypass store (CVE-2018-3693) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (CVE-2019-8912) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057) * Kernel modules generated incorrectly when system is localized to non-English language (BZ#1705285) * RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)
    last seen2020-06-01
    modified2020-06-02
    plugin id133162
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133162
    titleRHEL 7 : kernel-alt (RHSA-2020:0174)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0174. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133162);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      script_cve_id("CVE-2018-18559", "CVE-2018-3693", "CVE-2019-10126", "CVE-2019-11487", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-3846", "CVE-2019-8912");
      script_xref(name:"RHSA", value:"2020:0174");
    
      script_name(english:"RHEL 7 : kernel-alt (RHSA-2020:0174)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-alt is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-alt packages provide the Linux kernel version 4.x.
    
    Security Fix(es) :
    
    * Kernel: speculative bounds check bypass store (CVE-2018-3693)
    
    * kernel: Use-after-free due to race condition in AF_PACKET
    implementation (CVE-2018-18559)
    
    * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in
    marvell/mwifiex/scan.c (CVE-2019-3846)
    
    * kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL
    value for a certain structure member, which leads to a use-after-free
    in sockfs_setattr (CVE-2019-8912)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * kernel: Count overflow in FUSE request leading to use-after-free
    issues. (CVE-2019-11487)
    
    * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell
    WiFi driver (CVE-2019-14816)
    
    * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in
    net/wireless/ wext-sme.c (CVE-2019-17133)
    
    * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell
    Wifi Driver leading to DoS (CVE-2019-14814)
    
    * kernel: heap-overflow in mwifiex_set_wmm_params() function of
    Marvell WiFi driver leading to DoS (CVE-2019-14815)
    
    * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to
    information exposure (CVE-2019-18660)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)
    
    * Kernel modules generated incorrectly when system is localized to
    non-English language (BZ#1705285)
    
    * RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9
    (BZ#1756270)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/3523601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-3693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-18559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-8912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14815"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-18660"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-18559", "CVE-2018-3693", "CVE-2019-10126", "CVE-2019-11487", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-3846", "CVE-2019-8912");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0174");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0174";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-4.14.0-115.17.1.el7a")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1244.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0 - It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.i1/4^CVE-2016-10741i1/4%0 - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0 - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0 - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123712
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123712
    titleEulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123712);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2016-10741",
        "CVE-2017-18360",
        "CVE-2018-18281",
        "CVE-2018-18559",
        "CVE-2018-19824"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A flaw was found In the Linux kernel, through version
        4.19.6, where a local user could exploit a
        use-after-free in the ALSA driver by supplying a
        malicious USB Sound device (with zero interfaces) that
        is mishandled in usb_audio_probe in sound/usb/card.c.
        An attacker could corrupt memory and possibly escalate
        privileges if the attacker is able to have physical
        access to the system.i1/4^CVE-2018-19824i1/4%0
    
      - It was found that the Linux kernel can hit a BUG_ON()
        statement in the __xfs_get_blocks() in the
        fs/xfs/xfs_aops.c because of a race condition between
        direct and memory-mapped I/O associated with a hole in
        a file that is handled with BUG_ON() instead of an I/O
        failure. This allows a local unprivileged attacker to
        cause a system crash and a denial of
        service.i1/4^CVE-2016-10741i1/4%0
    
      - A division-by-zero in set_termios(), when debugging is
        enabled, was found in the Linux kernel. When the
        [io_ti] driver is loaded, a local unprivileged attacker
        can request incorrect high transfer speed in the
        change_port_settings() in the
        drivers/usb/serial/io_ti.c so that the divisor value
        becomes zero and causes a system crash resulting in a
        denial of service.i1/4^CVE-2017-18360i1/4%0
    
      - Since Linux kernel version 3.2, the mremap() syscall
        performs TLB flushes after dropping pagetable locks. If
        a syscall such as ftruncate() removes entries from the
        pagetables of a task that is in the middle of mremap(),
        a stale TLB entry can remain for a short time that
        permits access to a physical page after it has been
        released back to the page allocator and
        reused.i1/4^CVE-2018-18281i1/4%0
    
      - A use-after-free flaw can occur in the Linux kernel due
        to a race condition between packet_do_bind() and
        packet_notifier() functions called for an AF_PACKET
        socket. An unprivileged, local user could use this flaw
        to induce kernel memory corruption on the system,
        leading to an unresponsive system or to a crash. Due to
        the nature of the flaw, privilege escalation cannot be
        fully ruled out.i1/4^CVE-2018-18559i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1244
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ebc7ba2");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-514.44.5.10_132",
            "kernel-devel-3.10.0-514.44.5.10_132",
            "kernel-headers-3.10.0-514.44.5.10_132",
            "kernel-tools-3.10.0-514.44.5.10_132",
            "kernel-tools-libs-3.10.0-514.44.5.10_132",
            "kernel-tools-libs-devel-3.10.0-514.44.5.10_132"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0163.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121547
    published2019-02-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121547
    titleCentOS 7 : kernel (CESA-2019:0163)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:0163 and 
    # CentOS Errata and Security Advisory 2019:0163 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121547);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-18397", "CVE-2018-18559");
      script_xref(name:"RHSA", value:"2019:0163");
    
      script_name(english:"CentOS 7 : kernel (CESA-2019:0163)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * kernel: Use-after-free due to race condition in AF_PACKET
    implementation (CVE-2018-18559)
    
    * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Bug Fix(es) :
    
    These updated kernel packages include also numerous bug fixes and
    enhancements. Space precludes documenting all of the bug fixes in this
    advisory. See the descriptions in the related Knowledge Article:
    https://access.redhat.com/ articles/3827321"
      );
      # https://lists.centos.org/pipermail/centos-announce/2019-February/023149.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?05b5afeb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18559");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-957.5.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190129_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) - kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) Bug Fix(es) : See the descriptions in the related Knowledge Article :
    last seen2020-03-18
    modified2019-01-30
    plugin id121456
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121456
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190129)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121456);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-18397", "CVE-2018-18559");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20190129)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - kernel: Use-after-free due to race condition in
        AF_PACKET implementation (CVE-2018-18559)
    
      - kernel: userfaultfd bypasses tmpfs file permissions
        (CVE-2018-18397)
    
    Bug Fix(es) :
    
    See the descriptions in the related Knowledge Article :"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1901&L=SCIENTIFIC-LINUX-ERRATA&P=9416
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?39692c42"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-957.5.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-957.5.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1253.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service.i1/4^CVE-2017-18360i1/4%0 - A flaw was found In the Linux kernel, through version 4.19.6, where a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. An attacker could corrupt memory and possibly escalate privileges if the attacker is able to have physical access to the system.i1/4^CVE-2018-19824i1/4%0 - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.i1/4^CVE-2018-18281i1/4%0 - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.i1/4^CVE-2018-18559i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-04
    plugin id123721
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123721
    titleEulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123721);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2017-18360",
        "CVE-2018-18281",
        "CVE-2018-18559",
        "CVE-2018-19824"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A division-by-zero in set_termios(), when debugging is
        enabled, was found in the Linux kernel. When the
        [io_ti] driver is loaded, a local unprivileged attacker
        can request incorrect high transfer speed in the
        change_port_settings() in the
        drivers/usb/serial/io_ti.c so that the divisor value
        becomes zero and causes a system crash resulting in a
        denial of service.i1/4^CVE-2017-18360i1/4%0
    
      - A flaw was found In the Linux kernel, through version
        4.19.6, where a local user could exploit a
        use-after-free in the ALSA driver by supplying a
        malicious USB Sound device (with zero interfaces) that
        is mishandled in usb_audio_probe in sound/usb/card.c.
        An attacker could corrupt memory and possibly escalate
        privileges if the attacker is able to have physical
        access to the system.i1/4^CVE-2018-19824i1/4%0
    
      - Since Linux kernel version 3.2, the mremap() syscall
        performs TLB flushes after dropping pagetable locks. If
        a syscall such as ftruncate() removes entries from the
        pagetables of a task that is in the middle of mremap(),
        a stale TLB entry can remain for a short time that
        permits access to a physical page after it has been
        released back to the page allocator and
        reused.i1/4^CVE-2018-18281i1/4%0
    
      - A use-after-free flaw can occur in the Linux kernel due
        to a race condition between packet_do_bind() and
        packet_notifier() functions called for an AF_PACKET
        socket. An unprivileged, local user could use this flaw
        to induce kernel memory corruption on the system,
        leading to an unresponsive system or to a crash. Due to
        the nature of the flaw, privilege escalation cannot be
        fully ruled out.i1/4^CVE-2018-18559i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1253
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1ef0b72");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.4");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.4") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.4");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.1_62",
            "kernel-devel-3.10.0-862.14.1.1_62",
            "kernel-headers-3.10.0-862.14.1.1_62",
            "kernel-tools-3.10.0-862.14.1.1_62",
            "kernel-tools-libs-3.10.0-862.14.1.1_62",
            "kernel-tools-libs-devel-3.10.0-862.14.1.1_62"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1170.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the implementation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id125039
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125039
    titleRHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1524.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.(CVE-2018-18559i1/4%0 - The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump. A local users could obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.(CVE-2017-11472i1/4%0 - Race condition in net/packet/af_packet.c in the Linux kernel allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.(CVE-2017-6346i1/4%0 - Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.(CVE-2013-7026i1/4%0 - An issue was discovered in the Linux kernel. A NULL pointer dereference and panic in hfsplus_lookup() in the fs/hfsplus/dir.c function can occur when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617i1/4%0 - The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782i1/4%0 - An information-exposure flaw was found in the Linux kernel where the pcpu_embed_first_chunk() function in mm/percpu.c allows local users to obtain kernel-object address information by reading the kernel log (dmesg). However, this address is not static and cannot be used to commit a further attack.(CVE-2018-5995i1/4%0 - Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.(CVE-2014-6416i1/4%0 - It was found that the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124977
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124977
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4575.NASL
    descriptionDescription of changes: [4.1.12-124.26.1.el7uek] - NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440] - rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look at the bg_flags field if it is valid (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id122803
    published2019-03-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122803
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4575)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1303.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common
    last seen2020-05-06
    modified2019-05-01
    plugin id124430
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124430
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1131.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service. (CVE-2017-18360) - Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.(CVE-2018-18281) - A flaw was discovered in the Linux kernel
    last seen2020-05-06
    modified2019-04-02
    plugin id123605
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123605
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1131)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0163.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121449
    published2019-01-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121449
    titleRHEL 7 : kernel (RHSA-2019:0163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0163.NASL
    descriptionFrom Red Hat Security Advisory 2019:0163 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/ articles/3827321
    last seen2020-06-01
    modified2020-06-02
    plugin id121496
    published2019-01-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121496
    titleOracle Linux 7 : kernel (ELSA-2019-0163)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3967.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) * kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * A cluster node has multiple hung
    last seen2020-06-01
    modified2020-06-02
    plugin id131375
    published2019-11-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131375
    titleRHEL 7 : kernel (RHSA-2019:3967)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0053_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by a vulnerability: - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-18559) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127240
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127240
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Vulnerability (NS-SA-2019-0053)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2018-077.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that a race condition between packet_do_bind() and packet_notifier() in the implementation of AF_PACKET could lead to use-after-free. An unprivileged user on the host or in a container could exploit this to crash the kernel or, potentially, to escalate their privileges in the system. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2019-01-11
    plugin id121099
    published2019-01-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121099
    titleVirtuozzo 7 : readykernel-patch (VZA-2018-077)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL28241423.NASL
    descriptionIn the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control. (CVE-2018-18559) Impact An attacker can exploit this vulnerability by executing arbitrary code with elevated privileges.
    last seen2020-06-01
    modified2020-06-02
    plugin id129311
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129311
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K28241423)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0055_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by a vulnerability: - A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-18559) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127243
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127243
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Vulnerability (NS-SA-2019-0055)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1076.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial of service.(CVE-2018-14641) - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.(CVE-2018-5391) - The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. (CVE-2018-7740) - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-03-08
    plugin id122699
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122699
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1512.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in
    last seen2020-06-01
    modified2020-06-02
    plugin id124834
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124834
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0009.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440] - rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look at the bg_flags field if it is valid (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id122837
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122837
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0009)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-013.NASL
    descriptionAccording to the versions of the OVMF / anaconda / anaconda-core / anaconda-dracut / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. - It was discovered that a race condition between packet_do_bind() and packet_notifier() in the implementation of AF_PACKET could lead to use-after-free. An unprivileged user on the host or in a container could exploit this to crash the kernel or, potentially, to escalate their privileges in the system. - The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122611
    published2019-03-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122611
    titleVirtuozzo 7 : OVMF / anaconda / anaconda-core / anaconda-dracut / etc (VZA-2019-013)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0188.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-957.5.1 source tree, which provides a number of bug fixes over the previous version. (BZ# 1653822) * Under certain circumstances, the following warning message, which indicated a SCHED_DEADLINE bandwidth tracking mechanism error, occurred : WARNING: CPU: 8 PID: 19536 at kernel/sched/deadline.c:64 dequeue_task_dl+0x121/ 0x140 This update fixes the sched_setscheduler() core kernel function, and backports multiple upstream patches to the SCHED_DEADLINE scheduler. As a result, the SCHED_DEADLINE bandwidth tracking mechanism is prevented from error conditions, and the warning message no longer occurs. (BZ#1655439)
    last seen2020-03-18
    modified2019-01-30
    plugin id121450
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121450
    titleRHEL 7 : kernel-rt (RHSA-2019:0188)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1190.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw was found in the implementation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id125192
    published2019-05-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125192
    titleRHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4159.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Out-of-bounds heap access in xfrm (CVE-2017-7184) * kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * Kernel: page cache side channel attacks (CVE-2019-5489) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * IPv6 UDP inconsistent usage of UFO and HW checksums (BZ#1773816) * UDPv6 packets badly fragmented when ESP in use on devices supporting UFO (BZ#1774503)
    last seen2020-06-01
    modified2020-06-02
    plugin id131980
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131980
    titleRHEL 7 : kernel (RHSA-2019:4159)

Redhat

advisories
  • bugzilla
    id1641878
    titleCVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-957.5.1.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20190163033
        • commentkernel earlier than 0:3.10.0-957.5.1.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20190163034
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163005
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentbpftool is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163007
          • commentbpftool is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183083026
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163009
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163011
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163013
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentpython-perf is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163015
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163017
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163019
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163021
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163023
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentperf is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163025
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163027
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163029
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-957.5.1.el7
            ovaloval:com.redhat.rhsa:tst:20190163031
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
    rhsa
    idRHSA-2019:0163
    released2019-01-29
    severityImportant
    titleRHSA-2019:0163: kernel security, bug fix, and enhancement update (Important)
  • bugzilla
    id1641878
    titleCVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188001
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188003
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188005
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188007
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188011
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188013
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188015
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188017
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-957.5.1.rt56.916.el7
            ovaloval:com.redhat.rhsa:tst:20190188019
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
    rhsa
    idRHSA-2019:0188
    released2019-01-29
    severityImportant
    titleRHSA-2019:0188: kernel-rt security and bug fix update (Important)
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2019:1170
  • rhsa
    idRHSA-2019:1190
  • rhsa
    idRHSA-2019:3967
  • rhsa
    idRHSA-2019:4159
  • rhsa
    idRHSA-2020:0174
rpms
  • bpftool-0:3.10.0-957.5.1.el7
  • kernel-0:3.10.0-957.5.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.5.1.el7
  • kernel-bootwrapper-0:3.10.0-957.5.1.el7
  • kernel-debug-0:3.10.0-957.5.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-debug-devel-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.5.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.5.1.el7
  • kernel-devel-0:3.10.0-957.5.1.el7
  • kernel-doc-0:3.10.0-957.5.1.el7
  • kernel-headers-0:3.10.0-957.5.1.el7
  • kernel-kdump-0:3.10.0-957.5.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-kdump-devel-0:3.10.0-957.5.1.el7
  • kernel-tools-0:3.10.0-957.5.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-tools-libs-0:3.10.0-957.5.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.5.1.el7
  • perf-0:3.10.0-957.5.1.el7
  • perf-debuginfo-0:3.10.0-957.5.1.el7
  • python-perf-0:3.10.0-957.5.1.el7
  • python-perf-debuginfo-0:3.10.0-957.5.1.el7
  • kernel-rt-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debug-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debug-devel-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-devel-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-doc-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-kvm-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-trace-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-trace-devel-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.5.1.rt56.916.el7
  • kernel-0:3.10.0-693.47.2.el7
  • kernel-abi-whitelists-0:3.10.0-693.47.2.el7
  • kernel-bootwrapper-0:3.10.0-693.47.2.el7
  • kernel-debug-0:3.10.0-693.47.2.el7
  • kernel-debug-debuginfo-0:3.10.0-693.47.2.el7
  • kernel-debug-devel-0:3.10.0-693.47.2.el7
  • kernel-debuginfo-0:3.10.0-693.47.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.47.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.47.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.47.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.47.2.el7
  • kernel-devel-0:3.10.0-693.47.2.el7
  • kernel-doc-0:3.10.0-693.47.2.el7
  • kernel-headers-0:3.10.0-693.47.2.el7
  • kernel-kdump-0:3.10.0-693.47.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.47.2.el7
  • kernel-kdump-devel-0:3.10.0-693.47.2.el7
  • kernel-tools-0:3.10.0-693.47.2.el7
  • kernel-tools-debuginfo-0:3.10.0-693.47.2.el7
  • kernel-tools-libs-0:3.10.0-693.47.2.el7
  • kernel-tools-libs-devel-0:3.10.0-693.47.2.el7
  • perf-0:3.10.0-693.47.2.el7
  • perf-debuginfo-0:3.10.0-693.47.2.el7
  • python-perf-0:3.10.0-693.47.2.el7
  • python-perf-debuginfo-0:3.10.0-693.47.2.el7
  • kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-debug-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-devel-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-doc-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-firmware-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-trace-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.47.2.rt56.641.el6rt
  • kernel-0:3.10.0-862.44.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.44.2.el7
  • kernel-bootwrapper-0:3.10.0-862.44.2.el7
  • kernel-debug-0:3.10.0-862.44.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debug-devel-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.44.2.el7
  • kernel-devel-0:3.10.0-862.44.2.el7
  • kernel-doc-0:3.10.0-862.44.2.el7
  • kernel-headers-0:3.10.0-862.44.2.el7
  • kernel-kdump-0:3.10.0-862.44.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-kdump-devel-0:3.10.0-862.44.2.el7
  • kernel-tools-0:3.10.0-862.44.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.44.2.el7
  • perf-0:3.10.0-862.44.2.el7
  • perf-debuginfo-0:3.10.0-862.44.2.el7
  • python-perf-0:3.10.0-862.44.2.el7
  • python-perf-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-0:3.10.0-514.71.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.71.1.el7
  • kernel-bootwrapper-0:3.10.0-514.71.1.el7
  • kernel-debug-0:3.10.0-514.71.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-debug-devel-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.71.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.71.1.el7
  • kernel-devel-0:3.10.0-514.71.1.el7
  • kernel-doc-0:3.10.0-514.71.1.el7
  • kernel-headers-0:3.10.0-514.71.1.el7
  • kernel-tools-0:3.10.0-514.71.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-tools-libs-0:3.10.0-514.71.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.71.1.el7
  • perf-0:3.10.0-514.71.1.el7
  • perf-debuginfo-0:3.10.0-514.71.1.el7
  • python-perf-0:3.10.0-514.71.1.el7
  • python-perf-debuginfo-0:3.10.0-514.71.1.el7
  • kernel-0:4.14.0-115.17.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.17.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.17.1.el7a
  • kernel-debug-0:4.14.0-115.17.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-debug-devel-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.17.1.el7a
  • kernel-devel-0:4.14.0-115.17.1.el7a
  • kernel-doc-0:4.14.0-115.17.1.el7a
  • kernel-headers-0:4.14.0-115.17.1.el7a
  • kernel-kdump-0:4.14.0-115.17.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.17.1.el7a
  • kernel-tools-0:4.14.0-115.17.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-tools-libs-0:4.14.0-115.17.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.17.1.el7a
  • perf-0:4.14.0-115.17.1.el7a
  • perf-debuginfo-0:4.14.0-115.17.1.el7a
  • python-perf-0:4.14.0-115.17.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.17.1.el7a