Vulnerabilities > CVE-2018-20669 - Improper Input Validation vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
netapp
CWE-20
nessus

Summary

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

Vulnerable Configurations

Part Description Count
OS
Linux
3442
OS
Canonical
3
OS
Netapp
1
Application
Netapp
3
Hardware
Netapp
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0765-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123413
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123413
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0765-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123413);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2017-5753", "CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915
    driver were fixed which might have lead to information leaks.
    (bnc#1122971).
    
    CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two
    remote information leak vulnerabilities in the code that handles
    incoming L2cap configuration packets (bsc#1120758).
    
    CVE-2019-3819: A flaw was found in the function
    hid_debug_events_read() in drivers/hid/hid-debug.c file which may
    enter an infinite loop with certain parameters passed from a
    userspace. A local privileged user ('root') can cause a system lock up
    and a denial of service. (bnc#1123161).
    
    CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c
    mishandled reference counting because of a race condition, leading to
    a use-after-free (bnc#1124728 ).
    
    CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM
    hypervisor related to the emulation of a preemption timer, allowing an
    guest user/process to crash the host kernel. (bsc#1124732).
    
    CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
    related to handling page fault exceptions, which allowed a guest
    user/process to use this flaw to leak the host's stack memory contents
    to a guest (bsc#1124735).
    
    CVE-2019-7308: kernel/bpf/verifier.c performed undesirable
    out-of-bounds speculation on pointer arithmetic in various cases,
    including cases of different branches with different state or limits
    to sanitize, leading to side-channel attacks (bnc#1124055).
    
    CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a
    NULL value for a certain structure member, which leads to a
    use-after-free in sockfs_setattr (bnc#1125907).
    
    CVE-2019-8980: A memory leak in the kernel_read_file function in
    fs/exec.c allowed attackers to cause a denial of service (memory
    consumption) by triggering vfs_read failures (bnc#1126209).
    
    CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the
    mmap minimum address, which made it easier for attackers to exploit
    kernel NULL pointer dereferences on non-SMAP platforms. This is
    related to a capability check for the wrong task (bnc#1128166).
    
    CVE-2019-2024: A use-after-free when disconnecting a source was fixed
    which could lead to crashes. bnc#1129179).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1074562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1074578"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1074701"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075748"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084216"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113769"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126131"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129326"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=807502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=824948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=828192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=925178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5753/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3459/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3460/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3819/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6974/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7221/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7222/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7308/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8912/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8980/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9213/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190765-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7176d9bd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch
    SUSE-SLE-WE-12-SP4-2019-765=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-765=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-765=1
    
    SUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch
    SUSE-SLE-Live-Patching-12-SP4-2019-765=1
    
    SUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch
    SUSE-SLE-HA-12-SP4-2019-765=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-765=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8912");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"kernel-default-man-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-base-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-base-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-debugsource-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-devel-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-syms-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-debugsource-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-extra-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.12.14-95.13.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-syms-4.12.14-95.13.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0784-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123496
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123496
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0784-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123496);
      script_version("1.6");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 15 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-2024: A use-after-free when disconnecting a source was fixed
    which could lead to crashes. bnc#1129179).
    
    CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the
    mmap minimum address, which made it easier for attackers to exploit
    kernel NULL pointer dereferences on non-SMAP platforms. This is
    related to a capability check for the wrong task (bnc#1128166).
    
    CVE-2019-8980: A memory leak in the kernel_read_file function in
    fs/exec.c allowed attackers to cause a denial of service (memory
    consumption) by triggering vfs_read failures (bnc#1126209).
    
    CVE-2019-3819: A flaw was found in the function
    hid_debug_events_read() in drivers/hid/hid-debug.c file which may
    enter an infinite loop with certain parameters passed from a
    userspace. A local privileged user ('root') can cause a system lock up
    and a denial of service. Versions from v4.18 and newer are vulnerable
    (bnc#1123161).
    
    CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a
    NULL value for a certain structure member, which leads to a
    use-after-free in sockfs_setattr (bnc#1125907).
    
    CVE-2019-7308: kernel/bpf/verifier.c performed undesirable
    out-of-bounds speculation on pointer arithmetic in various cases,
    including cases of different branches with different state or limits
    to sanitize, leading to side-channel attacks (bnc#1124055).
    
    CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two
    remote information leak vulnerabilities in the code that handles
    incoming L2cap configuration packets (bsc#1120758).
    
    CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM
    hypervisor related to the emulation of a preemption timer, allowing an
    guest user/process to crash the host kernel. (bsc#1124732).
    
    CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
    related to handling page fault exceptions, which allowed a guest
    user/process to use this flaw to leak the host's stack memory contents
    to a guest (bsc#1124735).
    
    CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c
    mishandled reference counting because of a race condition, leading to
    a use-after-free (bnc#1124728).
    
    CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915
    driver were fixed which might have lead to information leaks.
    (bnc#1122971).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084216"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126131"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129326"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=824948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3459/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3460/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3819/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6974/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7221/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7222/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7308/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8912/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8980/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9213/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190784-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c8e3e6e7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch
    SUSE-SLE-Product-WE-15-2019-784=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-784=1
    
    SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch
    SUSE-SLE-Module-Live-Patching-15-2019-784=1
    
    SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
    SUSE-SLE-Module-Legacy-15-2019-784=1
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2019-784=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-784=1
    
    SUSE Linux Enterprise High Availability 15:zypper in -t patch
    SUSE-SLE-Product-HA-15-2019-784=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8912");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-150.14.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-150.14.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-150.14.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.14.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0767-1.NASL
    descriptionThe SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123445
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123445
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0767-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123445);
      script_version("1.6");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to
    fix various issues.
    
    The following security bugs were fixed :
    
    CVE-2019-2024: A use-after-free when disconnecting a source was fixed
    which could lead to crashes. bnc#1129179).
    
    CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the
    mmap minimum address, which made it easier for attackers to exploit
    kernel NULL pointer dereferences on non-SMAP platforms. This is
    related to a capability check for the wrong task (bnc#1128166 1128378
    1129016).
    
    CVE-2019-8980: A memory leak in the kernel_read_file function in
    fs/exec.c allowed attackers to cause a denial of service (memory
    consumption) by triggering vfs_read failures (bnc#1126209).
    
    CVE-2019-3819: A flaw was found in the function
    hid_debug_events_read() in drivers/hid/hid-debug.c file which may
    enter an infinite loop with certain parameters passed from a
    userspace. A local privileged user ('root') can cause a system lock up
    and a denial of service. (bnc#1123161).
    
    CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a
    NULL value for a certain structure member, which led to a
    use-after-free in sockfs_setattr (bnc#1125907 1126284).
    
    CVE-2019-7308: kernel/bpf/verifier.c performed undesirable
    out-of-bounds speculation on pointer arithmetic in various cases,
    including cases of different branches with different state or limits
    to sanitize, leading to side-channel attacks (bnc#1124055).
    
    CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two
    remote information leak vulnerabilities in the code that handles
    incoming L2cap configuration packets (bsc#1120758).
    
    CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM
    hypervisor related to the emulation of a preemption timer, allowing an
    guest user/process to crash the host kernel. (bsc#1124732).
    
    CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
    related to handling page fault exceptions, which allowed a guest
    user/process to use this flaw to leak the host's stack memory contents
    to a guest (bsc#1124735).
    
    CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c
    mishandled reference counting because of a race condition, leading to
    a use-after-free (bnc#1124728).
    
    CVE-2018-20669: An issue where a provided address with access_ok() is
    not checked was discovered in i915_gem_execbuffer2_ioctl in
    drivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can
    craft a malicious IOCTL function call to overwrite arbitrary kernel
    memory, resulting in a Denial of Service or privilege escalation
    (bnc#1122971).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050549"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084216"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114585"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125800"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126131"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126480"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127081"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127731"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129292"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129326"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129366"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=807502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=828192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2024/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3459/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3460/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3819/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-6974/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7221/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7222/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-7308/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8912/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-8980/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9213/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190767-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?542ed9f0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-767=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8912");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-base-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-debugsource-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-azure-devel-4.12.14-6.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-syms-azure-4.12.14-6.9.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1503.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash), or possibly have unspecified other impacts via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.(CVE-2017-16530i1/4%0 - The implementation of big key management in security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.(CVE-2016-9313i1/4%0 - The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leading to privilege escalation.(CVE-2016-10229i1/4%0 - Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.(CVE-2013-4512i1/4%0 - It was found that unsharing a mount namespace could allow a user to see data beneath their restricted namespace.(CVE-2014-9717i1/4%0 - A divide-by-zero flaw was discovered in the Linux kernel built with KVM virtualization support(CONFIG_KVM). The flaw occurs in the KVM module
    last seen2020-03-19
    modified2019-05-13
    plugin id124826
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124826
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1503)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124826);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-2890",
        "CVE-2013-4512",
        "CVE-2014-0181",
        "CVE-2014-1444",
        "CVE-2014-9717",
        "CVE-2014-9870",
        "CVE-2015-7513",
        "CVE-2015-8967",
        "CVE-2016-10229",
        "CVE-2016-3689",
        "CVE-2016-8658",
        "CVE-2016-9313",
        "CVE-2017-15537",
        "CVE-2017-16530",
        "CVE-2017-5549",
        "CVE-2018-13094",
        "CVE-2018-19407",
        "CVE-2018-20669",
        "CVE-2018-6555",
        "CVE-2018-7273"
      );
      script_bugtraq_id(
        62055,
        63510,
        64952,
        67034,
        74226
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1503)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The uas driver in the Linux kernel before 4.13.6 allows
        local users to cause a denial of service (out-of-bounds
        read and system crash), or possibly have unspecified
        other impacts via a crafted USB device, related to
        drivers/usb/storage/uas-detect.h and
        drivers/usb/storage/uas.c.(CVE-2017-16530i1/4%0
    
      - The implementation of big key management in
        security/keys/big_key.c in the Linux kernel before
        4.8.7 mishandles unsuccessful crypto registration in
        conjunction with successful key-type registration,
        which allows local users to cause a denial of service
        (NULL pointer dereference and panic) or possibly have
        unspecified other impact via a crafted application that
        uses the big_key data type.(CVE-2016-9313i1/4%0
    
      - The Linux kernel allows remote attackers to execute
        arbitrary code via UDP traffic that triggers an unsafe
        second checksum calculation during execution of a recv
        system call with the MSG_PEEK flag. This may create a
        kernel panic or memory corruption leading to privilege
        escalation.(CVE-2016-10229i1/4%0
    
      - Buffer overflow in the exitcode_proc_write function in
        arch/um/kernel/exitcode.c in the Linux kernel before
        3.12 allows local users to cause a denial of service or
        possibly have unspecified other impact by leveraging
        root privileges for a write operation.(CVE-2013-4512i1/4%0
    
      - It was found that unsharing a mount namespace could
        allow a user to see data beneath their restricted
        namespace.(CVE-2014-9717i1/4%0
    
      - A divide-by-zero flaw was discovered in the Linux
        kernel built with KVM virtualization
        support(CONFIG_KVM). The flaw occurs in the KVM
        module's Programmable Interval Timer(PIT) emulation,
        when PIT counters for channel 1 or 2 are set to zero(0)
        and a privileged user inside the guest attempts to read
        these counters. A privileged guest user with access to
        PIT I/O ports could exploit this issue to crash the
        host kernel (denial of service).(CVE-2015-7513i1/4%0
    
      - The ims_pcu_parse_cdc_data function in
        drivers/input/misc/ims-pcu.c in the Linux kernel before
        4.5.1 allows physically proximate attackers to cause a
        denial of service (system crash) via a USB device
        without both a master and a slave
        interface.(CVE-2016-3689i1/4%0
    
      - Stack-based buffer overflow in the
        brcmf_cfg80211_start_ap() function in
        'drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80
        211.c' in the Linux kernel before 4.7.5 allows local
        users to cause a denial of service (system crash) or
        possibly have unspecified other impact via a long SSID
        Information Element in a command to a Netlink
        socket.(CVE-2016-8658i1/4%0
    
      - drivers/hid/hid-sony.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_SONY is enabled, allows physically proximate
        attackers to cause a denial of service (heap-based
        out-of-bounds write) via a crafted
        device.(CVE-2013-2890i1/4%0
    
      - An issue where a provided address with access_ok() is
        not checked was discovered in
        i915_gem_execbuffer2_ioctl in
        drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux
        kernel through 4.19.13. A local attacker can craft a
        malicious IOCTL function call to overwrite arbitrary
        kernel memory, resulting in a Denial of Service or
        privilege escalation.(CVE-2018-20669i1/4%0
    
      - It was found that the permission checks performed by
        the Linux kernel when a netlink message was received
        were not sufficient. A local, unprivileged user could
        potentially bypass these restrictions by passing a
        netlink socket as stdout or stderr to a more privileged
        process and altering the output of this
        process.(CVE-2014-0181i1/4%0
    
      - An issue was discovered in the XFS filesystem in
        fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A
        NULL pointer dereference may occur for a corrupted xfs
        image after xfs_da_shrink_inode() is called with a NULL
        bp. This can lead to a system crash and a denial of
        service.(CVE-2018-13094i1/4%0
    
      - The irda_setsockopt function in net/irda/af_irda.c in
        the Linux kernel, through 4.16, allows local users to
        cause a denial of service (due to a use-after-free of
        the ias_object and a system crash) or possibly have
        unspecified other impact by leveraging an AF_IRDA
        socket.(CVE-2018-6555i1/4%0
    
      - The x86/fpu (Floating Point Unit) subsystem in the
        Linux kernel, when a processor supports the xsave
        feature but not the xsaves feature, does not correctly
        handle attempts to set reserved bits in the xstate
        header via the ptrace() or rt_sigreturn() system call.
        This allows local users to read the FPU registers of
        other processes on the system, related to
        arch/x86/kernel/fpu/regset.c and
        arch/x86/kernel/fpu/signal.c.(CVE-2017-15537i1/4%0
    
      - The fst_get_iface function in drivers/net/wan/farsync.c
        in the Linux kernel before 3.11.7 does not properly
        initialize a certain data structure, which allows local
        users to obtain sensitive information from kernel
        memory by leveraging the CAP_NET_ADMIN capability for
        an SIOCWANDEV ioctl call.(CVE-2014-1444i1/4%0
    
      - In the Linux kernel, through 4.15.4, the floppy driver
        reveals the addresses of kernel functions and global
        variables using printk calls within the function
        show_floppy in drivers/block/floppy.c. An attacker can
        read this information from dmesg and use the addresses
        to find the locations of kernel code and data and
        bypass kernel security protections such as
        KASLR.(CVE-2018-7273i1/4%0
    
      - A flaw in 'arch/arm64/kernel/sys.c' in the Linux kernel
        allows local users to bypass the 'strict page
        permissions' protection mechanism and modify the
        system-call table and, consequently, gain privileges by
        leveraging write access.(CVE-2015-8967i1/4%0
    
      - The Linux kernel before 3.11 on ARM platforms, as used
        in Android before 2016-08-05 on Nexus 5 and 7 (2013)
        devices, does not properly consider user-space access
        to the TPIDRURW register, which allows local users to
        gain privileges via a crafted application, aka Android
        internal bug 28749743 and Qualcomm internal bug
        CR561044.(CVE-2014-9870i1/4%0
    
      - A NULL pointer dereference security flaw was found in
        the Linux kernel in the vcpu_scan_ioapic() function in
        arch/x86/kvm/x86.c. This allows local users with
        certain privileges to cause a denial of service via a
        crafted system call to the KVM
        subsystem.(CVE-2018-19407i1/4%0
    
      - It was found that current implementation of kl5kusb105
        driver failed to detect short transfers when attempting
        to read the line state and logged the content of the
        uninitialized heap transfer buffer.(CVE-2017-5549i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1503
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e5b5599");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-203.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758). - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed. (bnc#1124732). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). - CVE-2019-6974: A use-after-free in the KVM device control API was fixed. (bnc#1124728). - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). The following non-security bugs were fixed : - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be
    last seen2020-06-01
    modified2020-06-02
    plugin id122303
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122303
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-203)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-203.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122303);
      script_version("1.6");
      script_cvs_date("Date: 2020/02/12");
    
      script_cve_id("CVE-2018-20669", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)");
      script_summary(english:"Check for the openSUSE-2019-203 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.0 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2019-3459,CVE-2019-3460: Two information leaks in
        the bluetooth stack were fixed. (bnc#1120758).
    
      - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer
        was fixed. (bnc#1124732).
    
      - CVE-2019-7222: A information leak in exception handling
        in KVM could be used to expose host memory to guests.
        (bnc#1124735).
    
      - CVE-2019-6974: A use-after-free in the KVM device
        control API was fixed. (bnc#1124728).
    
      - CVE-2018-20669: Missing access control checks in ioctl
        of gpu/drm/i915 driver were fixed which might have lead
        to information leaks. (bnc#1122971).
    
    The following non-security bugs were fixed :
    
      - 6lowpan: iphc: reset mac_header after decompress to fix
        panic (bsc#1051510).
    
      - 9p: clear dangling pointers in p9stat_free
        (bsc#1051510).
    
      - 9p locks: fix glock.client_id leak in do_lock
        (bsc#1051510).
    
      - 9p/net: put a lower bound on msize (bsc#1051510).
    
      - acpi/nfit: Block function zero DSMs (bsc#1051510).
    
      - acpi, nfit: Fix Address Range Scrub completion tracking
        (bsc#1124969).
    
      - acpi/nfit: Fix command-supported detection
        (bsc#1051510).
    
      - acpi/nfit: Fix race accessing memdev in
        nfit_get_smbios_id() (bsc#1122662).
    
      - acpi/nfit: Fix user-initiated ARS to be 'ARS-long'
        rather than 'ARS-short' (bsc#1124969).
    
      - ACPI: power: Skip duplicate power resource references in
        _PRx (bsc#1051510).
    
      - Add delay-init quirk for Corsair K70 RGB keyboards
        (bsc#1087092).
    
      - af_iucv: Move sockaddr length checks to before accessing
        sa_family in bind and connect handlers (bsc#1051510).
    
      - alsa: bebob: fix model-id of unit for Apogee Ensemble
        (bsc#1051510).
    
      - alsa: compress: Fix stop handling on compressed capture
        streams (bsc#1051510).
    
      - alsa: hda - Add mute LED support for HP ProBook 470 G5
        (bsc#1051510).
    
      - alsa: hda/ca0132 - Fix build error without CONFIG_PCI
        (bsc#1051510).
    
      - alsa: hda/realtek - Fixed hp_pin no value (bsc#1051510).
    
      - alsa: hda/realtek - Fix lose hp_pins for disable auto
        mute (bsc#1051510).
    
      - alsa: hda/realtek - Use a common helper for hp pin
        reference (bsc#1051510).
    
      - alsa: hda - Serialize codec registrations (bsc#1122944).
    
      - alsa: hda - Use standard device registration for beep
        (bsc#1122944).
    
      - alsa: oxfw: add support for APOGEE duet FireWire
        (bsc#1051510).
    
      - alsa: usb-audio: Add Opus #3 to quirks for native DSD
        support (bsc#1051510).
    
      - alsa: usb-audio: Add support for new T+A USB DAC
        (bsc#1051510).
    
      - amd-xgbe: Fix mdio access for non-zero ports and clause
        45 PHYs (bsc#1122927).
    
      - arm: 8802/1: Call syscall_trace_exit even when system
        call skipped (bsc#1051510).
    
      - arm: 8814/1: mm: improve/fix ARM v7_dma_inv_range()
        unaligned address handling (bsc#1051510).
    
      - arm: 8815/1: V7M: align v7m_dma_inv_range() with v7
        counterpart (bsc#1051510).
    
      - arm/arm64: kvm:vgic: Force VM halt when changing the
        active state of GICv3 PPIs/SGIs (bsc#1051510).
    
      - arm: cns3xxx: Fix writing to wrong PCI config registers
        after alignment (bsc#1051510).
    
      - arm: cns3xxx: Use actual size reads for PCIe
        (bsc#1051510).
    
      - arm: imx: update the cpu power up timing setting on
        i.mx6sx (bsc#1051510).
    
      - arm: kvm:Fix VTTBR_BADDR_MASK BUG_ON off-by-one
        (bsc#1051510).
    
      - arm: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
        (bsc#1051510).
    
      - arm: OMAP1: ams-delta: Fix possible use of uninitialized
        field (bsc#1051510).
    
      - arm: OMAP2+: prm44xx: Fix section annotation on
        omap44xx_prm_enable_io_wakeup (bsc#1051510).
    
      - ASoC: dma-sh7760: cleanup a debug printk (bsc#1051510).
    
      - ASoC: rt5514-spi: Fix potential NULL pointer dereference
        (bsc#1051510).
    
      - ax25: fix a use-after-free in ax25_fillin_cb()
        (networking-stable-19_01_04).
    
      - be2net: do not flip hw_features when VXLANs are
        added/deleted (bsc#1050252).
    
      - blkdev: avoid migration stalls for blkdev pages
        (bsc#1084216).
    
      - blk-mq: fix kernel oops in blk_mq_tag_idle()
        (bsc#1051510).
    
      - block: break discard submissions into the user defined
        size (git-fixes).
    
      - block: cleanup __blkdev_issue_discard() (git-fixes).
    
      - block: do not deal with discard limit in
        blkdev_issue_discard() (git-fixes).
    
      - block: fix 32 bit overflow in __blkdev_issue_discard()
        (git-fixes).
    
      - block: fix infinite loop if the device loses discard
        capability (git-fixes).
    
      - block: make sure discard bio is aligned with logical
        block size (git-fixes).
    
      - block: make sure writesame bio is aligned with logical
        block size (git-fixes).
    
      - block/swim3: Fix -EBUSY error when re-opening device
        after unmount (git-fixes).
    
      - bnx2x: Assign unique DMAE channel number for FW DMAE
        transactions (bsc#1086323).
    
      - bnx2x: Clear fip MAC when fcoe offload support is
        disabled (bsc#1086323).
    
      - bnx2x: Fix NULL pointer dereference in
        bnx2x_del_all_vlans() on some hw (bsc#1086323).
    
      - bnx2x: Remove configured vlans as part of unload
        sequence (bsc#1086323).
    
      - bnx2x: Send update-svid ramrod with retry/poll flags
        enabled (bsc#1086323).
    
      - bonding: update nest level on unlink (git-fixes).
    
      - bsg: allocate sense buffer if requested (bsc#1106811).
    
      - btrfs: qgroup: Fix root item corruption when multiple
        same source snapshots are created with quota enabled
        (bsc#1122324).
    
      - can: bcm: check timer values before ktime conversion
        (bsc#1051510).
    
      - can: dev: __can_get_echo_skb(): fix bogous check for
        non-existing skb by removing it (bsc#1051510).
    
      - can: gw: ensure DLC boundaries after CAN frame
        modification (bsc#1051510).
    
      - cdc-acm: fix abnormal DATA RX issue for Mediatek
        Preloader (bsc#1051510).
    
      - char/mwave: fix potential Spectre v1 vulnerability
        (bsc#1051510).
    
      - checkstack.pl: fix for aarch64 (bsc#1051510).
    
      - cifs: add missing debug entries for kconfig options
        (bsc#1051510).
    
      - cifs: add missing support for ACLs in SMB 3.11
        (bsc#1051510).
    
      - cifs: add sha512 secmech (bsc#1051510).
    
      - cifs: Add support for reading attributes on SMB2+
        (bsc#1051510).
    
      - cifs: Add support for writing attributes on SMB2+
        (bsc#1051510).
    
      - cifs: do not log STATUS_NOT_FOUND errors for DFS
        (bsc#1051510).
    
      - cifs: Do not modify mid entry after submitting I/O in
        cifs_call_async (bsc#1051510).
    
      - cifs: Fix error mapping for SMB2_LOCK command which
        caused OFD lock problem (bsc#1051510).
    
      - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510).
    
      - cifs: fix return value for cifs_listxattr (bsc#1051510).
    
      - cifs: Fix separator when building path from dentry
        (bsc#1051510).
    
      - cifs: fix set info (bsc#1051510).
    
      - cifs: fix sha512 check in cifs_crypto_secmech_release
        (bsc#1051510).
    
      - cifs: fix wrapping bugs in num_entries() (bsc#1051510).
    
      - cifs: For SMB2 security informaion query, check for
        minimum sized security descriptor instead of sizeof
        FileAllInformation class (bsc#1051510).
    
      - cifs: hide unused functions (bsc#1051510).
    
      - cifs: hide unused functions (bsc#1051510).
    
      - cifs: implement v3.11 preauth integrity (bsc#1051510).
    
      - cifs: make 'nodfs' mount opt a superblock flag
        (bsc#1051510).
    
      - cifs: prevent integer overflow in nxt_dir_entry()
        (bsc#1051510).
    
      - cifs: prototype declaration and definition for smb 2 - 3
        and cifsacl mount options (bsc#1051510).
    
      - cifs: prototype declaration and definition to set acl
        for smb 2 - 3 and cifsacl mount options (bsc#1051510).
    
      - cifs: refactor crypto shash/sdesc allocation&free
        (bsc#1051510).
    
      - cifs: smb2ops: Fix listxattr() when there are no EAs
        (bsc#1051510).
    
      - cifs: Use smb 2 - 3 and cifsacl mount options getacl
        functions (bsc#1051510).
    
      - cifs: Use smb 2 - 3 and cifsacl mount options setacl
        function (bsc#1051510).
    
      - cifs: Use ULL suffix for 64-bit constant (bsc#1051510).
    
      - clk: imx6q: reset exclusive gates on init (bsc#1051510).
    
      - clk: rockchip: fix typo in rk3188 spdif_frac parent
        (bsc#1051510).
    
      - clk: sunxi-ng: enable so-said LDOs for A64 SoC's
        pll-mipi clock (bsc#1051510).
    
      - clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent (bsc#1051510).
    
      - cpufreq: imx6q: add return value check for voltage scale
        (bsc#1051510).
    
      - Cramfs: fix abad comparison when wrap-arounds occur
        (bsc#1051510).
    
      - crypto: authencesn - Avoid twice completion call in
        decrypt path (bsc#1051510).
    
      - crypto: authenc - fix parsing key with misaligned
        rta_len (bsc#1051510).
    
      - crypto: bcm - convert to use
        crypto_authenc_extractkeys() (bsc#1051510).
    
      - crypto: caam - fix zero-length buffer DMA mapping
        (bsc#1051510).
    
      - crypto: user - support incremental algorithm dumps
        (bsc#1120902).
    
      - dlm: fixed memory leaks after failed ls_remove_names
        allocation (bsc#1051510).
    
      - dlm: lost put_lkb on error path in receive_convert() and
        receive_unlock() (bsc#1051510).
    
      - dlm: memory leaks on error path in dlm_user_request()
        (bsc#1051510).
    
      - dlm: possible memory leak on error path in create_lkb()
        (bsc#1051510).
    
      - dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
        (bsc#1051510).
    
      - dmaengine: at_hdmac: fix module unloading (bsc#1051510).
    
      - dmaengine: dma-jz4780: Return error if not probed from
        DT (bsc#1051510).
    
      - dmaengine: dw: Fix FIFO size for Intel Merrifield
        (bsc#1051510).
    
      - dmaengine: xilinx_dma: Remove __aligned attribute on
        zynqmp_dma_desc_ll (bsc#1051510).
    
      - dm cache metadata: verify cache has blocks in
        blocks_are_clean_separate_dirty() (git-fixes).
    
      - dm: call blk_queue_split() to impose device limits on
        bios (git-fixes).
    
      - dm: do not allow readahead to limit IO size (git-fixes).
    
      - dm thin: send event about thin-pool state change _after_
        making it (git-fixes).
    
      - dm zoned: Fix target BIO completion handling
        (git-fixes).
    
      - Do not log expected error on DFS referral request
        (bsc#1051510).
    
      - driver core: Move async_synchronize_full call
        (bsc#1051510).
    
      - drivers: core: Remove glue dirs from sysfs earlier
        (bsc#1051510).
    
      - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
        (bsc#1051510).
    
      - drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo
        (bsc#1086314 bsc#1086313 bsc#1086301 ).
    
      - drivers/sbus/char: add of_node_put() (bsc#1051510).
    
      - drivers/tty: add missing of_node_put() (bsc#1051510).
    
      - drm/fb-helper: Ignore the value of
        fb_var_screeninfo.pixclock (bsc#1113722)
    
      - drm/fb-helper: Partially bring back workaround for bugs
        of SDL 1.2 (bsc#1113722)
    
      - drm/i915/gvt: Fix mmap range check (bsc#1120902)
    
      - drm/nouveau/tmr: detect stalled gpu timer and break out
        of waits (bsc#1123538).
    
      - drm/vmwgfx: Fix setting of dma masks (bsc#1120902)
    
      - drm/vmwgfx: Return error code from
        vmw_execbuf_copy_fence_user (bsc#1120902)
    
      - e1000e: allow non-monotonic SYSTIM readings
        (bsc#1051510).
    
      - exportfs: do not read dentry after free (bsc#1051510).
    
      - ext4: Fix crash during online resizing (bsc#1122779).
    
      - fanotify: fix handling of events on child sub-directory
        (bsc#1122019).
    
      - fat: validate ->i_start before using (bsc#1051510).
    
      - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
        (bsc#1051510).
    
      - fork: do not copy inconsistent signal handler state to
        child (bsc#1051510).
    
      - fork: record start_time late (git-fixes).
    
      - fork: unconditionally clear stack on fork (git-fixes).
    
      - fs/cifs: require sha512 (bsc#1051510).
    
      - gpio: altera-a10sr: Set proper output level for
        direction_output (bsc#1051510).
    
      - gpio: pcf857x: Fix interrupts on multiple instances
        (bsc#1051510).
    
      - gpio: pl061: handle failed allocations (bsc#1051510).
    
      - gpio: pl061: Move irq_chip definition inside struct
        pl061 (bsc#1051510).
    
      - gpio: vf610: Mask all GPIO interrupts (bsc#1051510).
    
      - gro_cell: add napi_disable in gro_cells_destroy
        (networking-stable-19_01_04).
    
      - hfs: do not free node before using (bsc#1051510).
    
      - hfsplus: do not free node before using (bsc#1051510).
    
      - hfsplus: prevent btree data loss on root split
        (bsc#1051510).
    
      - hfs: prevent btree data loss on root split
        (bsc#1051510).
    
      - i2c: dev: prevent adapter retries and timeout being set
        as minus value (bsc#1051510).
    
      - i40e: fix mac filter delete when setting mac address
        (bsc#1056658 bsc#1056662).
    
      - i40e: report correct statistics when XDP is enabled
        (bsc#1056658 bsc#1056662).
    
      - i40e: restore NETIF_F_GSO_IPXIP to netdev features
        (bsc#1056658 bsc#1056662).
    
      - ibmveth: Do not process frames after calling
        napi_reschedule (bcs#1123357).
    
      - ibmveth: fix DMA unmap error in ibmveth_xmit_start error
        path (networking-stable-19_01_04).
    
      - ibmvnic: Add ethtool private flag for driver-defined
        queue limits (bsc#1121726).
    
      - ibmvnic: Increase maximum queue size limit
        (bsc#1121726).
    
      - ibmvnic: Introduce driver limits for ring sizes
        (bsc#1121726).
    
      - ide: pmac: add of_node_put() (bsc#1051510).
    
      - ieee802154: lowpan_header_create check must check daddr
        (networking-stable-19_01_04).
    
      - input: elan_i2c - add ACPI ID for touchpad in ASUS
        Aspire F5-573G (bsc#1051510).
    
      - input: omap-keypad - fix idle configuration to not block
        SoC idle states (bsc#1051510).
    
      - input: raspberrypi-ts - fix link error (git-fixes).
    
      - input: restore EV_ABS ABS_RESERVED (bsc#1051510).
    
      - input: synaptics - enable RMI on ThinkPad T560
        (bsc#1051510).
    
      - input: synaptics - enable SMBus for HP EliteBook 840 G4
        (bsc#1051510).
    
      - input: xpad - add support for SteelSeries Stratus Duo
        (bsc#1111666).
    
      - iommu/amd: Call free_iova_fast with pfn in map_sg
        (bsc#1106105).
    
      - iommu/amd: Fix IOMMU page flush when detach device from
        a domain (bsc#1106105).
    
      - iommu/amd: Unmap all mapped pages in error path of
        map_sg (bsc#1106105).
    
      - iommu/vt-d: Fix memory leak in
        intel_iommu_put_resv_regions() (bsc#1106105).
    
      - ip6mr: Fix potential Spectre v1 vulnerability
        (networking-stable-19_01_04).
    
      - ipmi:pci: Blacklist a Realtek 'IPMI' device (git-fixes).
    
      - ipmi:ssif: Fix handling of multi-part return messages
        (bsc#1051510).
    
      - ip: on queued skb use skb_header_pointer instead of
        pskb_may_pull (git-fixes).
    
      - ipv4: Fix potential Spectre v1 vulnerability
        (networking-stable-19_01_04).
    
      - ipv4: ipv6: netfilter: Adjust the frag mem limit when
        truesize changes (networking-stable-18_12_12).
    
      - ipv6: Check available headroom in ip6_xmit() even
        without options (networking-stable-18_12_12).
    
      - ipv6: explicitly initialize udp6_addr in
        udp_sock_create6() (networking-stable-19_01_04).
    
      - ipv6: sr: properly initialize flowi6 prior passing to
        ip6_route_output (networking-stable-18_12_12).
    
      - ipv6: tunnels: fix two use-after-free
        (networking-stable-19_01_04).
    
      - ip: validate header length on virtual device xmit
        (networking-stable-19_01_04).
    
      - iscsi target: fix session creation failure handling
        (bsc#1051510).
    
      - isdn: fix kernel-infoleak in capi_unlocked_ioctl
        (bsc#1051510).
    
      - iwlwifi: fix non_shared_ant for 22000 devices
        (bsc#1119086).
    
      - iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
    
      - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old
        firmwares (bsc#1119086).
    
      - jffs2: Fix use of uninitialized delayed_work, lockdep
        breakage (bsc#1051510).
    
      - kABI: fix xhci kABI stability (bsc#1119086).
    
      - kABI: protect struct sctp_association (kabi).
    
      - kABI workaround for deleted
        snd_hda_register_beep_device() (bsc#1122944).
    
      - kABI workaround for snd_hda_bus.bus_probing addition
        (bsc#1122944).
    
      - kdb: use memmove instead of overlapping memcpy
        (bsc#1120954).
    
      - kernel/exit.c: release ptraced tasks before
        zap_pid_ns_processes (git-fixes).
    
      - kvm: arm/arm64: Properly protect VGIC locks from IRQs
        (bsc#1117155).
    
      - kvm: arm/arm64: VGIC/ITS: Promote irq_lock() in
        update_affinity (bsc#1117155).
    
      - kvm: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls
        with SRCU lock (bsc#1117155).
    
      - kvm: arm/arm64: VGIC/ITS save/restore: protect
        kvm_read_guest() calls (bsc#1117155).
    
      - kvm: PPC: Book3S PR: Set hflag to indicate that POWER9
        supports 1T segments (bsc#1124589).
    
      - kvm: sev: Fail KVM_SEV_INIT if already initialized
        (bsc#1114279).
    
      - kvm: x86: fix L1TF's MMIO GFN calculation (bsc#1124204).
    
      - lan78xx: Resolve issue with changing MAC address
        (bsc#1051510).
    
      - libertas_tf: prevent underflow in process_cmdrequest()
        (bsc#1119086).
    
      - lib/rbtree-test: lower default params (git-fixes).
    
      - lockd: fix access beyond unterminated strings in prints
        (git-fixes).
    
      - LSM: Check for NULL cred-security on free (bsc#1051510).
    
      - md: fix raid10 hang issue caused by barrier (git-fixes).
    
      - media: firewire: Fix app_info parameter type in
        avc_ca(,_app)_info (bsc#1051510).
    
      - media: usb: pwc: Do not use coherent DMA buffers for ISO
        transfer (bsc#1054610).
    
      - media: v4l2-tpg: array index could become negative
        (bsc#1051510).
    
      - media: v4l: ioctl: Validate num_planes for debug
        messages (bsc#1051510).
    
      - media: vb2: be sure to unlock mutex on errors
        (bsc#1051510).
    
      - media: vb2: vb2_mmap: move lock up (bsc#1051510).
    
      - media: vivid: fix error handling of kthread_run
        (bsc#1051510).
    
      - media: vivid: free bitmap_cap when updating
        std/timings/etc (bsc#1051510).
    
      - media: vivid: set min width/height to a value > 0
        (bsc#1051510).
    
      - mfd: ab8500-core: Return zero in
        get_register_interruptible() (bsc#1051510).
    
      - mfd: tps6586x: Handle interrupts on suspend
        (bsc#1051510).
    
      - misc: atmel-ssc: Fix section annotation on
        atmel_ssc_get_driver_data (bsc#1051510).
    
      - misc: hmc6352: fix potential Spectre v1 (bsc#1051510).
    
      - misc: mic/scif: fix copy-paste error in
        scif_create_remote_lookup (bsc#1051510).
    
      - misc: mic: SCIF Fix scif_get_new_port() error handling
        (bsc#1051510).
    
      - misc: sram: enable clock before registering regions
        (bsc#1051510).
    
      - misc: sram: fix resource leaks in probe error path
        (bsc#1051510).
    
      - misc: ti-st: Fix memory leak in the error path of
        probe() (bsc#1051510).
    
      - misc: vexpress: Off by one in vexpress_syscfg_exec()
        (bsc#1051510).
    
      - mmc: atmel-mci: do not assume idle after
        atmci_request_end (bsc#1051510).
    
      - mmc: bcm2835: Fix DMA channel leak on probe error
        (bsc#1051510).
    
      - mmc: dw_mmc-bluefield: : Fix the license information
        (bsc#1051510).
    
      - mmc: sdhci-iproc: handle mmc_of_parse() errors during
        probe (bsc#1051510).
    
      - mm/huge_memory: fix lockdep complaint on 32-bit
        i_size_read() (VM Functionality, bsc#1121599).
    
      - mm/huge_memory: rename freeze_page() to unmap_page() (VM
        Functionality, bsc#1121599).
    
      - mm/huge_memory: splitting set mapping+index before
        unfreeze (VM Functionality, bsc#1121599).
    
      - mm/khugepaged: collapse_shmem() do not crash on Compound
        (VM Functionality, bsc#1121599).
    
      - mm/khugepaged: collapse_shmem() remember to clear holes
        (VM Functionality, bsc#1121599).
    
      - mm/khugepaged: collapse_shmem() stop if punched or
        truncated (VM Functionality, bsc#1121599).
    
      - mm/khugepaged: collapse_shmem() without freezing
        new_page (VM Functionality, bsc#1121599).
    
      - mm/khugepaged: fix crashes due to misaccounted holes (VM
        Functionality, bsc#1121599).
    
      - mm/khugepaged: minor reorderings in collapse_shmem() (VM
        Functionality, bsc#1121599).
    
      - mm: migrate: lock buffers before
        migrate_page_move_mapping() (bsc#1084216).
    
      - mm: migrate: Make buffer_migrate_page_norefs() actually
        succeed (bsc#1084216)
    
      - mm: migrate: provide buffer_migrate_page_norefs()
        (bsc#1084216).
    
      - mm: migration: factor out code to compute expected
        number of page references (bsc#1084216).
    
      - Move the upstreamed HD-audio fix into sorted section
    
      - mpt3sas: check sense buffer before copying sense data
        (bsc#1106811).
    
      - neighbour: Avoid writing before skb->head in
        neigh_hh_output() (networking-stable-18_12_12).
    
      - net: 8139cp: fix a BUG triggered by changing mtu with
        network traffic (networking-stable-18_12_12).
    
      - net: core: Fix Spectre v1 vulnerability
        (networking-stable-19_01_04).
    
      - net/hamradio/6pack: use mod_timer() to rearm timers
        (networking-stable-19_01_04).
    
      - net: hns3: add error handler for
        hns3_nic_init_vector_data() (bsc#1104353).
    
      - net: hns3: add handling for big TX fragment (bsc#1104353
        ).
    
      - net: hns3: Fix client initialize state issue when roce
        client initialize failed (bsc#1104353).
    
      - net: hns3: Fix for loopback selftest failed problem
        (bsc#1104353 ).
    
      - net: hns3: fix for multiple unmapping DMA problem
        (bsc#1104353 ).
    
      - net: hns3: Fix tc setup when netdev is first up
        (bsc#1104353 ).
    
      - net: hns3: Fix tqp array traversal condition for vf
        (bsc#1104353 ).
    
      - net: hns3: move DMA map into hns3_fill_desc (bsc#1104353
        ).
    
      - net: hns3: remove hns3_fill_desc_tso (bsc#1104353).
    
      - net: hns3: rename hns_nic_dma_unmap (bsc#1104353).
    
      - net: hns3: rename the interface for init_client_instance
        and uninit_client_instance (bsc#1104353).
    
      - net: macb: restart tx after tx used bit read
        (networking-stable-19_01_04).
    
      - net/mlx4_en: Change min MTU size to ETH_MIN_MTU
        (networking-stable-18_12_12).
    
      - net/mlx5e: Remove the false indication of software
        timestamping support (networking-stable-19_01_04).
    
      - net/mlx5: Typo fix in del_sw_hw_rule
        (networking-stable-19_01_04).
    
      - net: phy: do not allow __set_phy_supported to add
        unsupported modes (networking-stable-18_12_12).
    
      - net: phy: Fix the issue that netif always links up after
        resuming (networking-stable-19_01_04).
    
      - netrom: fix locking in nr_find_socket()
        (networking-stable-19_01_04).
    
      - net: skb_scrub_packet(): Scrub offload_fwd_mark
        (networking-stable-18_12_03).
    
      - net/smc: fix TCP fallback socket release
        (networking-stable-19_01_04).
    
      - net: stmmac: Fix PCI module removal leak (git-fixes).
    
      - net: thunderx: set tso_hdrs pointer to NULL in
        nicvf_free_snd_queue (networking-stable-18_12_03).
    
      - net: thunderx: set xdp_prog to NULL if bpf_prog_add
        fails (networking-stable-18_12_03).
    
      - net/wan: fix a double free in x25_asy_open_tty()
        (networking-stable-19_01_04).
    
      - nfsd: COPY and CLONE operations require the saved
        filehandle to be set (git-fixes).
    
      - nfsd: Fix an Oops in free_session() (git-fixes).
    
      - nfs: Fix a missed page unlock after pg_doio()
        (git-fixes).
    
      - NFS: Fix up return value on fatal errors in
        nfs_page_async_flush() (git-fixes).
    
      - NFSv4.1: Fix the r/wsize checking (git-fixes).
    
      - NFSv4: Do not exit the state manager without clearing
        NFS4CLNT_MANAGER_RUNNING (git-fixes).
    
      - nvme-multipath: round-robin I/O policy (bsc#1110705).
    
      - omap2fb: Fix stack memory disclosure (bsc#1120902)
    
      - packet: Do not leak dev refcounts on error exit
        (git-fixes).
    
      - packet: validate address length if non-zero
        (networking-stable-19_01_04).
    
      - packet: validate address length
        (networking-stable-19_01_04).
    
      - PCI: Disable broken RTIT_BAR of Intel TH (bsc#1120318).
    
      - phonet: af_phonet: Fix Spectre v1 vulnerability
        (networking-stable-19_01_04).
    
      - platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34
        scan codes (bsc#1051510).
    
      - platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
        (bsc#1051510).
    
      - platform/x86: asus-wmi: Tell the EC the OS will handle
        the display off hotkey (bsc#1051510).
    
      - powerpc: Always save/restore checkpointed regs during
        treclaim/trecheckpoint (bsc#1118338).
    
      - powerpc/cacheinfo: Report the correct shared_cpu_map on
        big-cores (bsc#1109695).
    
      - powerpc: Detect the presence of big-cores via 'ibm,
        thread-groups' (bsc#1109695).
    
      - powerpc: make use of for_each_node_by_type() instead of
        open-coding it (bsc#1109695).
    
      - powerpc/powernv: Clear LPCR[PECE1] via stop-api only for
        deep state offline (bsc#1119766, bsc#1055121).
    
      - powerpc/powernv: Clear PECE1 in LPCR via stop-api only
        on Hotplug (bsc#1119766, bsc#1055121).
    
      - powerpc: Remove facility loadups on transactional (fp,
        vec, vsx) unavailable (bsc#1118338).
    
      - powerpc: Remove redundant FP/Altivec giveup code
        (bsc#1118338).
    
      - powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
    
      - powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
    
      - powerpc/smp: Add Power9 scheduler topology
        (bsc#1109695).
    
      - powerpc/smp: Rework CPU topology construction
        (bsc#1109695).
    
      - powerpc/smp: Use cpu_to_chip_id() to find core siblings
        (bsc#1109695).
    
      - powerpc/tm: Avoid machine crash on rt_sigreturn
        (bsc#1118338).
    
      - powerpc/tm: Do not check for WARN in TM Bad Thing
        handling (bsc#1118338).
    
      - powerpc/tm: Fix comment (bsc#1118338).
    
      - powerpc/tm: Fix endianness flip on trap (bsc#1118338).
    
      - powerpc/tm: Fix HFSCR bit for no suspend case
        (bsc#1118338).
    
      - powerpc/tm: Fix HTM documentation (bsc#1118338).
    
      - powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
        (bsc#1118338).
    
      - powerpc/tm: P9 disable transactionally suspended
        sigcontexts (bsc#1118338).
    
      - powerpc/tm: Print 64-bits MSR (bsc#1118338).
    
      - powerpc/tm: Print scratch value (bsc#1118338).
    
      - powerpc/tm: Reformat comments (bsc#1118338).
    
      - powerpc/tm: Remove msr_tm_active() (bsc#1118338).
    
      - powerpc/tm: Remove struct thread_info param from
        tm_reclaim_thread() (bsc#1118338).
    
      - powerpc/tm: Save MSR to PACA before RFID (bsc#1118338).
    
      - powerpc/tm: Set MSR[TS] just prior to recheckpoint
        (bsc#1118338, bsc#1120955).
    
      - powerpc/tm: Unset MSR[TS] if not recheckpointing
        (bsc#1118338).
    
      - powerpc/tm: Update function prototype comment
        (bsc#1118338).
    
      - powerpc: Use cpu_smallcore_sibling_mask at SMT level on
        bigcores (bsc#1109695).
    
      - powerpc/xmon: Fix invocation inside lock region
        (bsc#1122885).
    
      - pstore/ram: Avoid allocation and leak of platform data
        (bsc#1051510).
    
      - pstore/ram: Avoid NULL deref in ftrace merging failure
        path (bsc#1051510).
    
      - pstore/ram: Correctly calculate usable PRZ bytes
        (bsc#1051510).
    
      - pstore/ram: Do not treat empty buffers as valid
        (bsc#1051510).
    
      - ptp_kvm: probe for kvm guest availability (bsc#1098382).
    
      - ptr_ring: wrap back ->producer in
        __ptr_ring_swap_queue() (networking-stable-19_01_04).
    
      - qed: Avoid constant logical operation warning in
        qed_vf_pf_acquire (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qed: Avoid implicit enum conversion in
        qed_iwarp_parse_rx_pkt (bsc#1086314 bsc#1086313
        bsc#1086301 ).
    
      - qed: Avoid implicit enum conversion in
        qed_roce_mode_to_flavor (bsc#1086314 bsc#1086313
        bsc#1086301 ).
    
      - qed: Avoid implicit enum conversion in
        qed_set_tunn_cls_info (bsc#1086314 bsc#1086313
        bsc#1086301 ).
    
      - qed: Fix an error code qed_ll2_start_xmit() (bsc#1086314
        bsc#1086313 bsc#1086301).
    
      - qed: Fix bitmap_weight() check (bsc#1086314 bsc#1086313
        bsc#1086301).
    
      - qed: Fix blocking/unlimited SPQ entries leak
        (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qed: Fix command number mismatch between driver and the
        mfw (bsc#1086314 bsc#1086313 bsc#1086301 ).
    
      - qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv
        (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qed: Fix memory/entry leak in qed_init_sp_request()
        (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qed: Fix potential memory corruption (bsc#1086314
        bsc#1086313 bsc#1086301).
    
      - qed: Fix PTT leak in qed_drain() (bsc#1086314
        bsc#1086313 bsc#1086301).
    
      - qed: Fix QM getters to always return a valid pq
        (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qed: Fix rdma_info structure allocation (bsc#1086314
        bsc#1086313 bsc#1086301).
    
      - qed: Fix reading wrong value in loop condition
        (bsc#1086314 bsc#1086313 bsc#1086301).
    
      - qla2xxx: Fixup dual-protocol FCP connections
        (bsc#1108870).
    
      - qmi_wwan: Added support for Fibocom NL668 series
        (networking-stable-19_01_04).
    
      - qmi_wwan: Added support for Telit LN940 series
        (networking-stable-19_01_04).
    
      - qmi_wwan: Add support for Fibocom NL678 series
        (networking-stable-19_01_04).
    
      - rapidio/rionet: do not free skb before reading its
        length (networking-stable-18_12_03).
    
      - RDMA/core: Fix unwinding flow in case of error to
        register device (bsc#1046306).
    
      - Revert 'serial: 8250: Fix clearing FIFOs in RS485 mode
        again' (bsc#1051510).
    
      - rpm/release-projects: Add SUSE:Maintenance:* for MU
        kernels (bsc#1123317)
    
      - rtnetlink: ndo_dflt_fdb_dump() only work for
        ARPHRD_ETHER devices (networking-stable-18_12_12).
    
      - s390/zcrypt: fix specification exception on z196 during
        ap probe (LTC#174936, bsc#1123061).
    
      - sbus: char: add of_node_put() (bsc#1051510).
    
      - sched/wait: Fix rcuwait_wake_up() ordering (git-fixes).
    
      - scripts/git_sort/git_sort.py: Add mkp/scsi
        5.0/scsi-fixes
    
      - scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
    
      - scsi: qedi: Add ep_state for login completion on
        un-reachable targets (bsc#1113712).
    
      - scsi: qla2xxx: Timeouts occur on surprise removal of
        QLogic adapter (bsc#1124985).
    
      - scsi: target: make the pi_prot_format ConfigFS path
        readable (bsc#1123933).
    
      - sctp: initialize sin6_flowinfo for ipv6 addrs in
        sctp_inet6addr_event (networking-stable-19_01_04).
    
      - sctp: kfree_rcu asoc (networking-stable-18_12_12).
    
      - selftests/powerpc: Use snprintf to construct DSCR sysfs
        interface paths (bsc#1124579).
    
      - selinux: Add __GFP_NOWARN to allocation at str_read()
        (bsc#1051510).
    
      - selinux: fix GPF on invalid policy (bsc#1051510).
    
      - serial: imx: fix error handling in console_setup
        (bsc#1051510).
    
      - serial: set suppress_bind_attrs flag only if builtin
        (bsc#1051510).
    
      - serial/sunsu: fix refcount leak (bsc#1051510).
    
      - serial: uartps: Fix interrupt mask issue to handle the
        RX interrupts properly (bsc#1051510).
    
      - shmem: introduce shmem_inode_acct_block (VM
        Functionality, bsc#1121599).
    
      - shmem: shmem_charge: verify max_block is not exceeded
        before inode update (VM Functionality, bsc#1121599).
    
      - signal: Always deliver the kernel's SIGKILL and SIGSTOP
        to a pid namespace init (git-fixes).
    
      - slab: alien caches must not be initialized if the
        allocation of the alien cache failed (git fixes
        (mm/slab)).
    
      - smb3.1.1 dialect is no longer experimental
        (bsc#1051510).
    
      - smb311: Fix reconnect (bsc#1051510).
    
      - smb3: Add support for multidialect negotiate (SMB2.1 and
        later) (bsc#1051510).
    
      - smb3: allow stats which track session and share
        reconnects to be reset (bsc#1051510).
    
      - smb3: Backup intent flag missing for directory opens
        with backupuid mounts (bsc#1051510).
    
      - smb3: check for and properly advertise directory lease
        support (bsc#1051510).
    
      - smb3: directory sync should not return an error
        (bsc#1051510).
    
      - smb3: do not attempt cifs operation in smb3 query info
        error path (bsc#1051510).
    
      - smb3: do not request leases in symlink creation and
        query (bsc#1051510).
    
      - smb3: Do not send SMB3 SET_INFO if nothing changed
        (bsc#1051510).
    
      - smb3: enumerating snapshots was leaving part of the data
        off end (bsc#1051510).
    
      - smb3: Fix length checking of SMB3.11 negotiate request
        (bsc#1051510).
    
      - smb3: Fix root directory when server returns inode
        number of zero (bsc#1051510).
    
      - smb3: fix various xid leaks (bsc#1051510).
    
      - smb3: Improve security, move default dialect to SMB3
        from old CIFS (bsc#1051510).
    
      - smb3: on kerberos mount if server does not specify auth
        type use krb5 (bsc#1051510).
    
      - smb3: Remove ifdef since SMB3 (and later) now STRONGLY
        preferred (bsc#1051510).
    
      - smb3: simplify code by removing CONFIG_CIFS_SMB311
        (bsc#1051510).
    
      - staging: rtl8188eu: Add device code for D-Link DWA-121
        rev B1 (bsc#1051510).
    
      - sunrpc: correct the computation for page_ptr when
        truncating (git-fixes).
    
      - sunrpc: Fix a potential race in xprt_connect()
        (git-fixes).
    
      - sunrpc: Fix leak of krb5p encode pages (git-fixes).
    
      - sunrpc: handle ENOMEM in rpcb_getport_async (git-fixes).
    
      - sunrpc: safely reallow resvport min/max inversion
        (git-fixes).
    
      - tcp: Do not underestimate rwnd_limited
        (networking-stable-18_12_12).
    
      - tcp: fix a race in inet_diag_dump_icsk()
        (networking-stable-19_01_04).
    
      - tcp: fix NULL ref in tail loss probe
        (networking-stable-18_12_12).
    
      - tcp: lack of available data can also cause TSO defer
        (git-fixes).
    
      - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
        (bsc#1051510).
    
      - tipc: compare remote and local protocols in
        tipc_udp_enable() (networking-stable-19_01_04).
    
      - tipc: fix a double kfree_skb()
        (networking-stable-19_01_04).
    
      - tipc: use lock_sock() in tipc_sk_reinit()
        (networking-stable-19_01_04).
    
      - tools/lib/lockdep: Rename 'trywlock' into 'trywrlock'
        (bsc#1121973).
    
      - tty: Do not hold ldisc lock in tty_reopen() if ldisc
        present (bsc#1051510).
    
      - tty: Handle problem if line discipline does not have
        receive_buf (bsc#1051510).
    
      - tty/n_hdlc: fix __might_sleep warning (bsc#1051510).
    
      - tty/serial: do not free trasnmit buffer page under port
        lock (bsc#1051510).
    
      - tun: forbid iface creation with rtnl ops
        (networking-stable-18_12_12).
    
      - uart: Fix crash in uart_write and uart_put_char
        (bsc#1051510).
    
      - usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70
        RGB (bsc#1120902).
    
      - usb: cdc-acm: send ZLP for Telit 3G Intel based modems
        (bsc#1120902).
    
      - usb: dwc3: gadget: Clear req->needs_extra_trb flag on
        cleanup (bsc#1120902).
    
      - usb: dwc3: trace: add missing break statement to make
        compiler happy (bsc#1120902).
    
      - usbnet: ipheth: fix potential recvmsg bug and recvmsg
        bug 2 (networking-stable-18_12_03).
    
      - usb: serial: option: add Fibocom NL678 series
        (bsc#1120902).
    
      - usb: serial: pl2303: add ids for Hewlett-Packard HP POS
        pole displays (bsc#1120902).
    
      - usb: storage: add quirk for SMI SM3350 (bsc#1120902).
    
      - usb: storage: do not insert sane sense for SPC3+ when
        bad sense specified (bsc#1120902).
    
      - usb: xhci: fix 'broken_suspend' placement in struct
        xchi_hcd (bsc#1119086).
    
      - vfs: Avoid softlockups in drop_pagecache_sb()
        (bsc#1118505).
    
      - vhost: make sure used idx is seen before log in
        vhost_add_used_n() (networking-stable-19_01_04).
    
      - virtio-net: fail XDP set if guest csum is negotiated
        (networking-stable-18_12_03).
    
      - virtio-net: keep vnet header zeroed after processing XDP
        (networking-stable-18_12_12).
    
      - vsock: Send reset control packet when socket is
        partially bound (networking-stable-19_01_04).
    
      - vt: invoke notifier on screen size change (bsc#1051510).
    
      - watchdog: w83627hf_wdt: Add quirk for Inves system
        (bsc#1106434).
    
      - writeback: do not decrement wb->refcnt if !wb->bdi (git
        fixes (writeback)).
    
      - x86/bugs: Add AMD's variant of SSB_NO (bsc#1114279).
    
      - x86/bugs: Update when to check for the LS_CFG SSBD
        mitigation (bsc#1114279).
    
      - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
        (bsc#1098382).
    
      - x86/MCE: Initialize mce.bank in the case of a fatal
        error in mce_no_way_out() (bsc#1114279).
    
      - x86/microcode/amd: Do not falsely trick the late loading
        mechanism (bsc#1114279).
    
      - x86/mm: Drop usage of __flush_tlb_all() in
        kernel_physical_mapping_init() (bsc#1114279).
    
      - x86, modpost: Replace last remnants of RETPOLINE with
        CONFIG_RETPOLINE (bsc#1114279).
    
      - x86/pvclock: add setter for pvclock_pvti_cpu0_va
        (bsc#1098382).
    
      - x86/resctrl: Fix rdt_find_domain() return value and
        checks (bsc#1114279).
    
      - x86/speculation: Add RETPOLINE_AMD support to the inline
        asm CALL_NOSPEC variant (bsc#1114279).
    
      - x86/speculation: Remove redundant arch_smt_update()
        invocation (bsc#1114279).
    
      - x86/xen/time: Output xen sched_clock time from 0
        (bsc#1098382).
    
      - x86/xen/time: set pvclock flags on xen_time_init()
        (bsc#1098382).
    
      - x86/xen/time: setup vcpu 0 time info page (bsc#1098382).
    
      - xen: Fix x86 sched_clock() interface for xen
        (bsc#1098382).
    
      - xhci: Add quirk to zero 64bit registers on Renesas PCIe
        controllers (bsc#1120854).
    
      - xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
        (bsc#1119086).
    
      - xprtrdma: Reset credit grant properly after a disconnect
        (git-fixes)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084216"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1098425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108870"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118505"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120954"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122971"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=802154"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20669");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.48.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.48.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }