Vulnerabilities > CVE-2018-8822 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
debian
CWE-119
nessus

Summary

Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

Vulnerable Configurations

Part Description Count
OS
Linux
2248
OS
Canonical
4
OS
Debian
3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0132_RSYNC.NASL
    descriptionAn update of the rsync package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121838
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121838
    titlePhoton OS 1.0: Rsync PHSA-2018-1.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(121838);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id("CVE-2018-5764");
    
      script_name(english:"Photon OS 1.0: Rsync PHSA-2018-1.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the rsync package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8822");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:rsync");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"rsync-3.1.3-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"rsync-debuginfo-3.1.3-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rsync");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0132.NASL
    descriptionAn update of 'linux-esx', 'rsync', 'linux' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111934
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111934
    titlePhoton OS 1.0: Linux / Rsync PHSA-2018-1.0-0132 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111934);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2018-1092",
        "CVE-2018-1094",
        "CVE-2018-5764",
        "CVE-2018-7757",
        "CVE-2018-8822",
        "CVE-2018-1000026"
      );
    
      script_name(english:"Photon OS 1.0: Linux / Rsync PHSA-2018-1.0-0132 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'linux-esx', 'rsync', 'linux' packages of Photon OS has
    been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-1.0-132
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3df1f28");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8822");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:rsync");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "linux-4.4.130-1.ph1",
      "linux-api-headers-4.4.130-1.ph1",
      "linux-debuginfo-4.4.130-1.ph1",
      "linux-dev-4.4.130-1.ph1",
      "linux-docs-4.4.130-1.ph1",
      "linux-drivers-gpu-4.4.130-1.ph1",
      "linux-esx-4.4.130-1.ph1",
      "linux-esx-debuginfo-4.4.130-1.ph1",
      "linux-esx-devel-4.4.130-1.ph1",
      "linux-esx-docs-4.4.130-1.ph1",
      "linux-oprofile-4.4.130-1.ph1",
      "linux-sound-4.4.130-1.ph1",
      "linux-tools-4.4.130-1.ph1",
      "rsync-3.1.3-1.ph1",
      "rsync-debuginfo-3.1.3-1.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux / rsync");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-514.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Information leaks using
    last seen2020-06-05
    modified2018-05-25
    plugin id110104
    published2018-05-25
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110104
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-514.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110104);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-18257", "CVE-2018-1000199", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1065", "CVE-2018-1130", "CVE-2018-3639", "CVE-2018-5803", "CVE-2018-7492", "CVE-2018-8781", "CVE-2018-8822");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2018-514) (Spectre)");
      script_summary(english:"Check for the openSUSE-2018-514 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.3 kernel was updated to 4.4.132 to receive
    various security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2018-3639: Information leaks using 'Memory
        Disambiguation' feature in modern CPUs were mitigated,
        aka 'Spectre Variant 4' (bnc#1087082).
    
        A new boot commandline option was introduced,
        'spec_store_bypass_disable', which can have following
        values :
    
      - auto: Kernel detects whether your CPU model contains an
        implementation of Speculative Store Bypass and picks the
        most appropriate mitigation.
    
      - on: disable Speculative Store Bypass
    
      - off: enable Speculative Store Bypass
    
      - prctl: Control Speculative Store Bypass per thread via
        prctl. Speculative Store Bypass is enabled for a process
        by default. The state of the control is inherited on
        fork.
    
      - seccomp: Same as 'prctl' above, but all seccomp threads
        will disable SSB unless they explicitly opt out.
    
        The default is 'seccomp', meaning programs need explicit
        opt-in into the mitigation.
    
        Status can be queried via the
        /sys/devices/system/cpu/vulnerabilities/spec_store_bypas
        s file, containing :
    
      - 'Vulnerable'
    
      - 'Mitigation: Speculative Store Bypass disabled'
    
      - 'Mitigation: Speculative Store Bypass disabled via
        prctl'
    
      - 'Mitigation: Speculative Store Bypass disabled via prctl
        and seccomp'
    
      - CVE-2017-18257: The __get_data_block function in
        fs/f2fs/data.c allowed local users to cause a denial of
        service (integer overflow and loop) via crafted use of
        the open and fallocate system calls with an
        FS_IOC_FIEMAP ioctl. (bnc#1088241)
    
      - CVE-2018-1130: Linux kernel was vulnerable to a NULL
        pointer dereference in dccp_write_xmit() function in
        net/dccp/output.c in that allowed a local user to cause
        a denial of service by a number of certain crafted
        system calls (bnc#1092904).
    
      - CVE-2018-5803: An error in the _sctp_make_chunk()
        function when handling SCTP, packet length could have
        been exploited by a malicious local user to cause a
        kernel crash and a DoS. (bnc#1083900).
    
      - CVE-2018-1065: The netfilter subsystem mishandled the
        case of a rule blob that contains a jump but lacks a
        user-defined chain, which allowed local users to cause a
        denial of service (NULL pointer dereference) by
        leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability,
        related to arpt_do_table in
        net/ipv4/netfilter/arp_tables.c, ipt_do_table in
        net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
        net/ipv6/netfilter/ip6_tables.c (bnc#1083650).
    
      - CVE-2018-7492: A NULL pointer dereference was found in
        the net/rds/rdma.c __rds_rdma_map() function that
        allowed local attackers to cause a system panic and a
        denial-of-service, related to RDS_GET_MR and
        RDS_GET_MR_FOR_DEST (bnc#1082962).
    
      - CVE-2018-8781: The udl_fb_mmap function in
        drivers/gpu/drm/udl/udl_fb.c had an integer-overflow
        vulnerability allowing local users with access to the
        udldrmfb driver to obtain full read and write
        permissions on kernel physical pages, resulting in a
        code execution in kernel space (bnc#1090643).
    
      - CVE-2018-10124: The kill_something_info function in
        kernel/signal.c might have allowed local users to cause
        a denial of service via an INT_MIN argument
        (bnc#1089752).
    
      - CVE-2018-10087: The kernel_wait4 function in
        kernel/exit.c might have allowed local users to cause a
        denial of service by triggering an attempted use of the
        -INT_MIN value (bnc#1089608).
    
      - CVE-2018-8822: Incorrect buffer length handling in the
        ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
        could be exploited by malicious NCPFS servers to crash
        the kernel or execute code (bnc#1086162).
    
      - CVE-2018-1000199: A bug in x86 debug register handling
        of ptrace() could lead to memory corruption, possibly a
        denial of service or privilege escalation (bsc#1089895).
    
    The following non-security bugs were fixed :
    
      - acpica: Disassembler: Abort on an invalid/unknown AML
        opcode (bnc#1012382).
    
      - acpica: Events: Add runtime stub support for event APIs
        (bnc#1012382).
    
      - acpi / hotplug / PCI: Check presence of slot itself in
        get_slot_status() (bnc#1012382).
    
      - acpi, PCI, irq: remove redundant check for null string
        pointer (bnc#1012382).
    
      - acpi / scan: Send change uevent with offine
        environmental data (bsc#1082485).
    
      - acpi / video: Add quirk to force acpi-video backlight on
        Samsung 670Z5E (bnc#1012382).
    
      - alsa: aloop: Add missing cable lock to ctl API callbacks
        (bnc#1012382).
    
      - alsa: aloop: Mark paused device as inactive
        (bnc#1012382).
    
      - alsa: asihpi: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: control: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: core: Report audio_tstamp in snd_pcm_sync_ptr
        (bnc#1012382).
    
      - alsa: hda/conexant - Add fixup for HP Z2 G4 workstation
        (bsc#1092975).
    
      - alsa: hda: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: hda - New VIA controller suppor no-snoop path
        (bnc#1012382).
    
      - alsa: hda/realtek - Add some fixes for ALC233
        (bnc#1012382).
    
      - alsa: hdspm: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: line6: Use correct endpoint type for midi output
        (bnc#1012382).
    
      - alsa: opl3: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: oss: consolidate kmalloc/memset 0 call to kzalloc
        (bnc#1012382).
    
      - alsa: pcm: Avoid potential races between OSS ioctls and
        read/write (bnc#1012382).
    
      - alsa: pcm: Check PCM state at xfern compat ioctl
        (bnc#1012382).
    
      - alsa: pcm: Fix endless loop for XRUN recovery in OSS
        emulation (bnc#1012382).
    
      - alsa: pcm: Fix mutex unbalance in OSS emulation ioctls
        (bnc#1012382).
    
      - alsa: pcm: Fix UAF at PCM release via PCM timer access
        (bnc#1012382).
    
      - alsa: pcm: potential uninitialized return values
        (bnc#1012382).
    
      - alsa: pcm: Return -EBUSY for OSS ioctls changing busy
        streams (bnc#1012382).
    
      - alsa: pcm: Use dma_bytes as size parameter in
        dma_mmap_coherent() (bnc#1012382).
    
      - alsa: pcm: Use ERESTARTSYS instead of EINTR in OSS
        emulation (bnc#1012382).
    
      - alsa: rawmidi: Fix missing input substream checks in
        compat ioctls (bnc#1012382).
    
      - alsa: rme9652: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: seq: Fix races at MIDI encoding in
        snd_virmidi_output_trigger() (bnc#1012382).
    
      - alsa: seq: oss: Fix unbalanced use lock for synth MIDI
        device (bnc#1012382).
    
      - alsa: seq: oss: Hardening for potential Spectre v1
        (bnc#1012382).
    
      - alsa: usb-audio: Skip broken EU on Dell dock USB-audio
        (bsc#1090658).
    
      - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening
        support (bsc#1068032).
    
      - arm64: avoid overflow in VA_START and PAGE_OFFSET
        (bnc#1012382).
    
      - arm64: capabilities: Handle duplicate entries for a
        capability (bsc#1068032).
    
      - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop
        early (bsc#1068032).
    
      - arm64: Enforce BBM for huge IO/VMAP mappings
        (bsc#1088313).
    
      - arm64: fix smccc compilation (bsc#1068032).
    
      - arm64: futex: Fix undefined behaviour with
        FUTEX_OP_OPARG_SHIFT usage (bnc#1012382).
    
      - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
        (bsc#1068032).
    
      - arm64: kvm: Add SMCCC_ARCH_WORKAROUND_1 fast handling
        (bsc#1068032).
    
      - arm64: kvm: Increment PC after handling an SMC trap
        (bsc#1068032).
    
      - arm64: kvm: Report SMCCC_ARCH_WORKAROUND_1 BP hardening
        support (bsc#1068032).
    
      - arm64: mm: fix thinko in non-global page table attribute
        check (bsc#1088050).
    
      - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
        (bsc#1068032).
    
      - arm: amba: Do not read past the end of sysfs
        'driver_override' buffer (bnc#1012382).
    
      - arm: amba: Fix race condition with driver_override
        (bnc#1012382).
    
      - arm: amba: Make driver_override output consistent with
        other buses (bnc#1012382).
    
      - arm/arm64: kvm: Add PSCI_VERSION helper (bsc#1068032).
    
      - arm/arm64: kvm: Add smccc accessors to PSCI code
        (bsc#1068032).
    
      - arm/arm64: kvm: Advertise SMCCC v1.1 (bsc#1068032).
    
      - arm/arm64: kvm: Consolidate the PSCI include files
        (bsc#1068032).
    
      - arm/arm64: kvm: Implement PSCI 1.0 support
        (bsc#1068032).
    
      - arm/arm64: kvm: Turn kvm_psci_version into a static
        inline (bsc#1068032).
    
      - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
        (bsc#1068032).
    
      - arm/arm64: smccc: Make function identifiers an unsigned
        quantity (bsc#1068032).
    
      - arm: davinci: da8xx: Create DSP device only when
        assigned memory (bnc#1012382).
    
      - arm: dts: am57xx-beagle-x15-common: Add overide
        powerhold property (bnc#1012382).
    
      - arm: dts: at91: at91sam9g25: fix mux-mask pinctrl
        property (bnc#1012382).
    
      - arm: dts: at91: sama5d4: fix pinctrl compatible string
        (bnc#1012382).
    
      - arm: dts: dra7: Add power hold and power controller
        properties to palmas (bnc#1012382).
    
      - arm: dts: imx53-qsrb: Pulldown PMIC IRQ pin
        (bnc#1012382).
    
      - arm: dts: imx6qdl-wandboard: Fix audio channel swap
        (bnc#1012382).
    
      - arm: dts: ls1021a: add 'fsl,ls1021a-esdhc' compatible
        string to esdhc node (bnc#1012382).
    
      - arm: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
        (bnc#1012382).
    
      - arp: fix arp_filter on l3slave devices (bnc#1012382).
    
      - arp: honour gratuitous ARP _replies_ (bnc#1012382).
    
      - ASoC: fsl_esai: Fix divisor calculation failure at lower
        ratio (bnc#1012382).
    
      - ASoC: Intel: cht_bsw_rt5645: Analog Mic support
        (bnc#1012382).
    
      - ASoC: rsnd: SSI PIO adjust to 24bit mode (bnc#1012382).
    
      - ASoC: ssm2602: Replace reg_default_raw with reg_default
        (bnc#1012382).
    
      - async_tx: Fix DMA_PREP_FENCE usage in
        do_async_gen_syndrome() (bnc#1012382).
    
      - ata: libahci: properly propagate return value of
        platform_get_irq() (bnc#1012382).
    
      - ath10k: fix rfc1042 header retrieval in QCA4019 with eth
        decap mode (bnc#1012382).
    
      - ath10k: rebuild crypto header in rx data frames
        (bnc#1012382).
    
      - ath5k: fix memory leak on buf on failed eeprom read
        (bnc#1012382).
    
      - ath9k_hw: check if the chip failed to wake up
        (bnc#1012382).
    
      - atm: zatm: Fix potential Spectre v1 (bnc#1012382).
    
      - audit: add tty field to LOGIN event (bnc#1012382).
    
      - autofs: mount point create should honour passed in mode
        (bnc#1012382).
    
      - bcache: segregate flash only volume write streams
        (bnc#1012382).
    
      - bcache: stop writeback thread after detaching
        (bnc#1012382).
    
      - bdi: Fix oops in wb_workfn() (bnc#1012382).
    
      - blacklist.conf: Add an omapdrm entry (bsc#1090708,
        bsc#1090718)
    
      - blk-mq: fix bad clear of RQF_MQ_INFLIGHT in
        blk_mq_ct_ctx_init() (bsc#1085058).
    
      - blk-mq: fix kernel oops in blk_mq_tag_idle()
        (bnc#1012382).
    
      - block: correctly mask out flags in blk_rq_append_bio()
        (bsc#1085058).
    
      - block/loop: fix deadlock after loop_set_status
        (bnc#1012382).
    
      - block: sanity check for integrity intervals
        (bsc#1091728).
    
      - bluetooth: Fix missing encryption refresh on Security
        Request (bnc#1012382).
    
      - bluetooth: Send HCI Set Event Mask Page 2 command only
        when needed (bnc#1012382).
    
      - bna: Avoid reading past end of buffer (bnc#1012382).
    
      - bnx2x: Allow vfs to disable txvlan offload
        (bnc#1012382).
    
      - bonding: do not set slave_dev npinfo before
        slave_enable_netpoll in bond_enslave (bnc#1012382).
    
      - bonding: Do not update slave->link until ready to commit
        (bnc#1012382).
    
      - bonding: fix the err path for dev hwaddr sync in
        bond_enslave (bnc#1012382).
    
      - bonding: move dev_mc_sync after master_upper_dev_link in
        bond_enslave (bnc#1012382).
    
      - bonding: process the err returned by dev_set_allmulti
        properly in bond_enslave (bnc#1012382).
    
      - bpf: map_get_next_key to return first key on NULL
        (bnc#1012382).
    
      - btrfs: fix incorrect error return ret being passed to
        mapping_set_error (bnc#1012382).
    
      - btrfs: Fix wrong first_key parameter in replace_path
        (Followup fix for bsc#1084721).
    
      - btrfs: Only check first key for committed tree blocks
        (bsc#1084721).
    
      - btrfs: Validate child tree block's level and first key
        (bsc#1084721).
    
      - bus: brcmstb_gisb: correct support for 64-bit address
        output (bnc#1012382).
    
      - bus: brcmstb_gisb: Use register offsets with writes too
        (bnc#1012382).
    
      - can: kvaser_usb: Increase correct stats counter in
        kvaser_usb_rx_can_msg() (bnc#1012382).
    
      - cdc_ether: flag the Cinterion AHS8 modem by gemalto as
        WWAN (bnc#1012382).
    
      - cdrom: information leak in cdrom_ioctl_media_changed()
        (bnc#1012382).
    
      - ceph: adding protection for showing cap reservation info
        (bsc#1089115).
    
      - ceph: always update atime/mtime/ctime for new inode
        (bsc#1089115).
    
      - ceph: check if mds create snaprealm when setting quota
        (fate#324665 bsc#1089115).
    
      - ceph: do not check quota for snap inode (fate#324665
        bsc#1089115).
    
      - ceph: fix invalid point dereference for error case in
        mdsc destroy (bsc#1089115).
    
      - ceph: fix root quota realm check (fate#324665
        bsc#1089115).
    
      - ceph: fix rsize/wsize capping in
        ceph_direct_read_write() (bsc#1089115).
    
      - ceph: quota: add counter for snaprealms with quota
        (fate#324665 bsc#1089115).
    
      - ceph: quota: add initial infrastructure to support
        cephfs quotas (fate#324665 bsc#1089115).
    
      - ceph: quota: cache inode pointer in ceph_snap_realm
        (fate#324665 bsc#1089115).
    
      - ceph: quota: do not allow cross-quota renames
        (fate#324665 bsc#1089115).
    
      - ceph: quota: report root dir quota usage in statfs
        (fate#324665 bsc#1089115).
    
      - ceph: quota: support for ceph.quota.max_bytes
        (fate#324665 bsc#1089115).
    
      - ceph: quota: support for ceph.quota.max_files
        (fate#324665 bsc#1089115).
    
      - ceph: quota: update MDS when max_bytes is approaching
        (fate#324665 bsc#1089115).
    
      - cfg80211: make RATE_INFO_BW_20 the default
        (bnc#1012382).
    
      - ch9200: use skb_cow_head() to deal with cloned skbs
        (bsc#1088684).
    
      - cifs: do not allow creating sockets except with SMB1
        posix exensions (bnc#1012382).
    
      - cifs: silence compiler warnings showing up with
        gcc-8.0.0 (bsc#1090734).
    
      - cifs: silence lockdep splat in cifs_relock_file()
        (bnc#1012382).
    
      - cifs: Use file_dentry() (bsc#1093008).
    
      - clk: bcm2835: De-assert/assert PLL reset signal when
        appropriate (bnc#1012382).
    
      - clk: Fix __set_clk_rates error print-string
        (bnc#1012382).
    
      - clk: mvebu: armada-38x: add support for 1866MHz variants
        (bnc#1012382).
    
      - clk: mvebu: armada-38x: add support for missing clocks
        (bnc#1012382).
    
      - clk: scpi: fix return type of __scpi_dvfs_round_rate
        (bnc#1012382).
    
      - clocksource/drivers/arm_arch_timer: Avoid infinite
        recursion when ftrace is enabled (bsc#1090225).
    
      - cpumask: Add helper cpumask_available() (bnc#1012382).
    
      - crypto: af_alg - fix possible uninit-value in alg_bind()
        (bnc#1012382).
    
      - crypto: ahash - Fix early termination in hash walk
        (bnc#1012382).
    
      - crypto: x86/cast5-avx - fix ECB encryption when long sg
        follows short one (bnc#1012382).
    
      - cx25840: fix unchecked return values (bnc#1012382).
    
      - cxgb4: fix incorrect cim_la output for T6 (bnc#1012382).
    
      - cxgb4: Fix queue free path of ULD drivers (bsc#1022743
        FATE#322540).
    
      - cxgb4: FW upgrade fixes (bnc#1012382).
    
      - cxgb4vf: Fix SGE FL buffer initialization logic for 64K
        pages (bnc#1012382).
    
      - dccp: initialize ireq->ir_mark (bnc#1012382).
    
      - dmaengine: at_xdmac: fix rare residue corruption
        (bnc#1012382).
    
      - dmaengine: imx-sdma: Handle return value of
        clk_prepare_enable (bnc#1012382).
    
      - dm ioctl: remove double parentheses (bnc#1012382).
    
      - Documentation: pinctrl: palmas: Add
        ti,palmas-powerhold-override property definition
        (bnc#1012382).
    
      - Do not leak MNT_INTERNAL away from internal mounts
        (bnc#1012382).
    
      - drivers/infiniband/core/verbs.c: fix build with
        gcc-4.4.4 (FATE#321732).
    
      - drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with
        gcc-4.4.4 (bnc#1024296,FATE#321265).
    
      - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple
        integer overflow tests (bnc#1012382).
    
      - drm/omap: fix tiled buffer stride calculations
        (bnc#1012382).
    
      - drm/radeon: Fix PCIe lane width calculation
        (bnc#1012382).
    
      - drm/virtio: fix vq wait_event condition (bnc#1012382).
    
      - drm/vmwgfx: Fix a buffer object leak (bnc#1012382).
    
      - e1000e: fix race condition around skb_tstamp_tx()
        (bnc#1012382).
    
      - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
        (bnc#1012382).
    
      - EDAC, mv64x60: Fix an error handling path (bnc#1012382).
    
      - Enable uinput driver (bsc#1092566).
    
      - esp: Fix memleaks on error paths (git-fixes).
    
      - ext4: add validity checks for bitmap block numbers
        (bnc#1012382).
    
      - ext4: bugfix for mmaped pages in
        mpage_release_unused_pages() (bnc#1012382).
    
      - ext4: do not allow r/w mounts if metadata blocks overlap
        the superblock (bnc#1012382).
    
      - ext4: do not update checksum of new initialized bitmaps
        (bnc#1012382).
    
      - ext4: fail ext4_iget for root directory if unallocated
        (bnc#1012382).
    
      - ext4: fix bitmap position validation (bnc#1012382).
    
      - ext4: fix deadlock between inline_data and
        ext4_expand_extra_isize_ea() (bnc#1012382).
    
      - ext4: Fix hole length detection in ext4_ind_map_blocks()
        (bsc#1090953).
    
      - ext4: fix off-by-one on max nr_pages in
        ext4_find_unwritten_pgoff() (bnc#1012382).
    
      - ext4: prevent right-shifting extents beyond
        EXT_MAX_BLOCKS (bnc#1012382).
    
      - ext4: set h_journal if there is a failure starting a
        reserved handle (bnc#1012382).
    
      - fanotify: fix logic of events on child (bnc#1012382).
    
      - firmware/psci: Expose PSCI conduit (bsc#1068032).
    
      - firmware/psci: Expose SMCCC version through psci_ops
        (bsc#1068032).
    
      - fix race in drivers/char/random.c:get_reg()
        (bnc#1012382).
    
      - frv: declare jiffies to be located in the .data section
        (bnc#1012382).
    
      - fs: compat: Remove warning from COMPATIBLE_IOCTL
        (bnc#1012382).
    
      - fs/proc: Stop trying to report thread stacks
        (bnc#1012382).
    
      - fs/reiserfs/journal.c: add missing resierfs_warning()
        arg (bnc#1012382).
    
      - genirq: Use cpumask_available() for check of cpumask
        variable (bnc#1012382).
    
      - getname_kernel() needs to make sure that ->name !=
        ->iname in long case (bnc#1012382).
    
      - gpio: label descriptors using the device name
        (bnc#1012382).
    
      - gpmi-nand: Handle ECC Errors in erased pages
        (bnc#1012382).
    
      - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
        (bnc#1012382).
    
      - HID: core: Fix size as type u32 (bnc#1012382).
    
      - HID: Fix hid_report_len usage (bnc#1012382).
    
      - HID: hidraw: Fix crash on HIDIOCGFEATURE with a
        destroyed device (bnc#1012382).
    
      - HID: i2c-hid: fix size check and type usage
        (bnc#1012382).
    
      - hwmon: (ina2xx) Fix access to uninitialized mutex
        (git-fixes).
    
      - hwmon: (ina2xx) Make calibration register value fixed
        (bnc#1012382).
    
      - hypfs_kill_super(): deal with failed allocations
        (bnc#1012382).
    
      - i40iw: Free IEQ resources (bsc#969476 FATE#319648
        bsc#969477 FATE#319816).
    
      - IB/core: Fix possible crash to access NULL netdev
        (bsc#966191 FATE#320230 bsc#966186 FATE#320228).
    
      - IB/core: Generate GID change event regardless of RoCE
        GID table property (bsc#966191 FATE#320230 bsc#966186
        FATE#320228).
    
      - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs (bsc#966191
        FATE#320230 bsc#966186 FATE#320228).
    
      - IB/mlx4: Include GID type when deleting GIDs from HW
        table under RoCE (bsc#966191 FATE#320230 bsc#966186
        FATE#320228).
    
      - IB/mlx5: Avoid passing an invalid QP type to firmware
        (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
    
      - IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
        (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
    
      - IB/mlx5: Fix incorrect size of klms in the memory region
        (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
    
      - IB/mlx5: Fix out-of-bounds read in
        create_raw_packet_qp_rq (bsc#966170 FATE#320225
        bsc#966172 FATE#320226).
    
      - IB/mlx5: revisit -Wmaybe-uninitialized warning
        (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
    
      - IB/mlx5: Set the default active rate and width to QDR
        and 4X (bsc#1015342 FATE#321688 bsc#1015343
        FATE#321689).
    
      - IB/mlx5: Use unlimited rate when static rate is not
        supported (bnc#1012382).
    
      - ibmvnic: Clean actual number of RX or TX pools
        (bsc#1092289).
    
      - ibmvnic: Clear pending interrupt after device reset
        (bsc#1089644).
    
      - ibmvnic: Define vnic_login_client_data name field as
        unsized array (bsc#1089198).
    
      - ibmvnic: Disable irqs before exiting reset from closed
        state (bsc#1084610).
    
      - ibmvnic: Do not notify peers on parameter change resets
        (bsc#1089198).
    
      - ibmvnic: Do not reset CRQ for Mobility driver resets
        (bsc#1088600).
    
      - ibmvnic: Fix DMA mapping mistakes (bsc#1088600).
    
      - ibmvnic: Fix failover case for non-redundant
        configuration (bsc#1088600).
    
      - ibmvnic: Fix non-fatal firmware error reset
        (bsc#1093990).
    
      - ibmvnic: Fix reset scheduler error handling
        (bsc#1088600).
    
      - ibmvnic: Fix statistics buffers memory leak
        (bsc#1093990).
    
      - ibmvnic: Free coherent DMA memory if FW map failed
        (bsc#1093990).
    
      - ibmvnic: Handle all login error conditions
        (bsc#1089198).
    
      - ibmvnic: Zero used TX descriptor counter on reset
        (bsc#1088600).
    
      - ib/srp: Fix completion vector assignment algorithm
        (bnc#1012382).
    
      - ib/srp: Fix srp_abort() (bnc#1012382).
    
      - ib/srpt: Fix abort handling (bnc#1012382).
    
      - ib/srpt: Fix an out-of-bounds stack access in
        srpt_zerolength_write() (bnc#1024296,FATE#321265).
    
      - iio: hi8435: avoid garbage event at first enable
        (bnc#1012382).
    
      - iio: hi8435: cleanup reset gpio (bnc#1012382).
    
      - iio: magnetometer: st_magn_spi: fix spi_device_id table
        (bnc#1012382).
    
      - input: ALPS - fix multi-touch decoding on SS4 plus
        touchpads (git-fixes).
    
      - input: ALPS - fix trackstick button handling on V8
        devices (git-fixes).
    
      - input: ALPS - fix TrackStick support for SS5 hardware
        (git-fixes).
    
      - input: ALPS - fix two-finger scroll breakage in right
        side on ALPS touchpad (git-fixes).
    
      - input: atmel_mxt_ts - add touchpad button mapping for
        Samsung Chromebook Pro (bnc#1012382).
    
      - input: drv260x - fix initializing overdrive voltage
        (bnc#1012382).
    
      - input: elan_i2c - check if device is there before really
        probing (bnc#1012382).
    
      - input: elan_i2c - clear INT before resetting controller
        (bnc#1012382).
    
      - input: elantech - force relative mode on a certain
        module (bnc#1012382).
    
      - input: i8042 - add Lenovo ThinkPad L460 to i8042 reset
        list (bnc#1012382).
    
      - input: i8042 - enable MUX on Sony VAIO VGN-CS series to
        fix touchpad (bnc#1012382).
    
      - input: leds - fix out of bound access (bnc#1012382).
    
      - input: mousedev - fix implicit conversion warning
        (bnc#1012382).
    
      - iommu/vt-d: Fix a potential memory leak (bnc#1012382).
    
      - ip6_gre: better validate user provided tunnel names
        (bnc#1012382).
    
      - ip6_tunnel: better validate user provided tunnel names
        (bnc#1012382).
    
      - ipc/shm: fix use-after-free of shm file via
        remap_file_pages() (bnc#1012382).
    
      - ipmi: create hardware-independent softdep for
        ipmi_devintf (bsc#1009062, bsc#1060799).
    
      - ipmi_ssif: Fix kernel panic at msg_done_handler
        (bsc#1088871).
    
      - ipsec: check return value of skb_to_sgvec always
        (bnc#1012382).
    
      - ip_tunnel: better validate user provided tunnel names
        (bnc#1012382).
    
      - ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
        (bnc#1012382).
    
      - ipv6: avoid dad-failures for addresses with NODAD
        (bnc#1012382).
    
      - ipv6: sit: better validate user provided tunnel names
        (bnc#1012382).
    
      - ipv6: the entire IPv6 header chain must fit the first
        fragment (bnc#1012382).
    
      - ipvs: fix rtnl_lock lockups caused by start_sync_thread
        (bnc#1012382).
    
      - iw_cxgb4: print mapped ports correctly (bsc#321658
        FATE#1005778 bsc#321660 FATE#1005780 bsc#321661
        FATE#1005781).
    
      - jbd2: fix use after free in kjournald2() (bnc#1012382).
    
      - jbd2: if the journal is aborted then do not allow update
        of the log tail (bnc#1012382).
    
      - jffs2_kill_sb(): deal with failed allocations
        (bnc#1012382).
    
      - jiffies.h: declare jiffies and jiffies_64 with
        ____cacheline_aligned_in_smp (bnc#1012382).
    
      - kABI: add tty include to audit.c (kabi).
    
      - kABI: protect hid report functions (kabi).
    
      - kABI: protect jiffies types (kabi).
    
      - kABI: protect skb_to_sgvec* (kabi).
    
      - kABI: protect sound/timer.h include in sound pcm.c
        (kabi).
    
      - kABI: protect struct ath10k_hw_params (kabi).
    
      - kABI: protect struct cstate (kabi).
    
      - kABI: protect struct _lowcore (kabi).
    
      - kABI: protect tty include in audit.h (kabi).
    
      - kabi/severities: Ignore kgr_shadow_* kABI changes
    
      - kbuild: provide a __UNIQUE_ID for clang (bnc#1012382).
    
      - kexec_file: do not add extra alignment to efi memmap
        (bsc#1044596).
    
      - keys: DNS: limit the length of option strings
        (bnc#1012382).
    
      - kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv
        kthread (bsc#1094033, fate#313296).
    
      - kGraft: fix small race in reversion code (bsc#1083125).
    
      - kobject: do not use WARN for registration failures
        (bnc#1012382).
    
      - kvm: Fix nopvspin static branch init usage
        (bsc#1056427).
    
      - kvm: Introduce nopvspin kernel parameter (bsc#1056427).
    
      - kvm: nVMX: Fix handling of lmsw instruction
        (bnc#1012382).
    
      - kvm: PPC: Book3S PR: Check copy_to/from_user return
        values (bnc#1012382).
    
      - kvm: s390: Enable all facility bits that are known good
        for passthrough (FATE#324071 LTC#158956 bnc#1012382
        bsc#1073059 bsc#1076805).
    
      - kvm: SVM: do not zero out segment attributes if segment
        is unusable or not present (bnc#1012382).
    
      - l2tp: check sockaddr length in pppol2tp_connect()
        (bnc#1012382).
    
      - l2tp: fix missing print session offset info
        (bnc#1012382).
    
      - lan78xx: Correctly indicate invalid OTP (bnc#1012382).
    
      - leds: pca955x: Correct I2C Functionality (bnc#1012382).
    
      - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
        (bnc#1012382).
    
      - libceph, ceph: change permission for readonly debugfs
        entries (bsc#1089115).
    
      - libceph: fix misjudgement of maximum monitor number
        (bsc#1089115).
    
      - libceph: reschedule a tick in finish_hunting()
        (bsc#1089115).
    
      - libceph: un-backoff on tick when we have a authenticated
        session (bsc#1089115).
    
      - libceph: validate con->state at the top of try_write()
        (bsc#1089115).
    
      - livepatch: Allow to call a custom callback when freeing
        shadow variables (bsc#1082299 fate#313296).
    
      - livepatch: Initialize shadow variables safely by a
        custom callback (bsc#1082299 fate#313296).
    
      - llc: delete timers synchronously in llc_sk_free()
        (bnc#1012382).
    
      - llc: fix NULL pointer deref for SOCK_ZAPPED
        (bnc#1012382).
    
      - llc: hold llc_sap before release_sock() (bnc#1012382).
    
      - llist: clang: introduce member_address_is_nonnull()
        (bnc#1012382).
    
      - lockd: fix lockd shutdown race (bnc#1012382).
    
      - lockd: lost rollback of set_grace_period() in
        lockd_down_net() (git-fixes).
    
      - mac80211: Add RX flag to indicate ICV stripped
        (bnc#1012382).
    
      - mac80211: allow not sending MIC up from driver for HW
        crypto (bnc#1012382).
    
      - mac80211: allow same PN for AMSDU sub-frames
        (bnc#1012382).
    
      - mac80211: bail out from prep_connection() if a reconfig
        is ongoing (bnc#1012382).
    
      - mceusb: sporadic RX truncation corruption fix
        (bnc#1012382).
    
      - md: document lifetime of internal rdev pointer
        (bsc#1056415).
    
      - md: fix two problems with setting the 're-add' device
        state (bsc#1089023).
    
      - md: only allow remove_and_add_spares when no sync_thread
        running (bsc#1056415).
    
      - md raid10: fix NULL deference in
        handle_write_completed() (git-fixes).
    
      - md/raid10: reset the 'first' at the end of loop
        (bnc#1012382).
    
      - md/raid5: make use of spin_lock_irq over
        local_irq_disable + spin_lock (bnc#1012382).
    
      - media: v4l2-compat-ioctl32: do not oops on overlay
        (bnc#1012382).
    
      - media: videobuf2-core: do not go out of the buffer range
        (bnc#1012382).
    
      - mei: remove dev_err message on an unsupported ioctl
        (bnc#1012382).
    
      - mISDN: Fix a sleep-in-atomic bug (bnc#1012382).
    
      - mlx5: fix bug reading rss_hash_type from CQE
        (bnc#1012382).
    
      - mmc: dw_mmc: Fix the DTO/CTO timeout overflow
        calculation for 32-bit systems (bsc#1088267).
    
      - mmc: jz4740: Fix race condition in IRQ mask update
        (bnc#1012382).
    
      - mm/filemap.c: fix NULL pointer in
        page_cache_tree_insert() (bnc#1012382).
    
      - mm, slab: reschedule cache_reap() on the same CPU
        (bnc#1012382).
    
      - mtd: cfi: cmdset_0001: Do not allow read/write to
        suspend erase block (bnc#1012382).
    
      - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend
        bug (bnc#1012382).
    
      - mtd: cfi: cmdset_0002: Do not allow read/write to
        suspend erase block (bnc#1012382).
    
      - mtd: jedec_probe: Fix crash in jedec_read_mfr()
        (bnc#1012382).
    
      - neighbour: update neigh timestamps iff update is
        effective (bnc#1012382).
    
      - net: af_packet: fix race in PACKET_(R|T)X_RING
        (bnc#1012382).
    
      - net: atm: Fix potential Spectre v1 (bnc#1012382).
    
      - net: cavium: liquidio: fix up 'Avoid dma_unmap_single on
        uninitialized ndata' (bnc#1012382).
    
      - net: cdc_ncm: Fix TX zero padding (bnc#1012382).
    
      - net: emac: fix reset timeout with AR8035 phy
        (bnc#1012382).
    
      - net: ethernet: ti: cpsw: adjust cpsw fifos depth for
        fullduplex flow control (bnc#1012382).
    
      - netfilter: bridge: ebt_among: add more missing match
        size checks (bnc#1012382).
    
      - netfilter: ctnetlink: fix incorrect nf_ct_put during
        hash resize (bnc#1012382).
    
      - netfilter: ctnetlink: Make some parameters integer to
        avoid enum mismatch (bnc#1012382).
    
      - netfilter: nf_nat_h323: fix logical-not-parentheses
        warning (bnc#1012382).
    
      - netfilter: x_tables: add and use xt_check_proc_name
        (bnc#1012382).
    
      - net: fix deadlock while clearing neighbor proxy table
        (bnc#1012382).
    
      - net: fix possible out-of-bound read in
        skb_network_protocol() (bnc#1012382).
    
      - net: fix rtnh_ok() (bnc#1012382).
    
      - net: fix uninit-value in __hw_addr_add_ex()
        (bnc#1012382).
    
      - net: fool proof dev_valid_name() (bnc#1012382).
    
      - net: freescale: fix potential NULL pointer dereference
        (bnc#1012382).
    
      - net: hns: Fix ethtool private flags (bnc#1012382
        bsc#1085511).
    
      - net: hns: Fix ethtool private flags (bsc#1085511).
    
      - net: ieee802154: fix net_device reference release too
        early (bnc#1012382).
    
      - net: initialize skb->peeked when cloning (bnc#1012382).
    
      - net/ipv6: Fix route leaking between VRFs (bnc#1012382).
    
      - net/ipv6: Increment OUTxxx counters after netfilter hook
        (bnc#1012382).
    
      - netlink: fix uninit-value in netlink_sendmsg
        (bnc#1012382).
    
      - netlink: make sure nladdr has correct size in
        netlink_connect() (bnc#1012382).
    
      - net: llc: add lock_sock in llc_ui_bind to avoid a race
        condition (bnc#1012382).
    
      - net/mlx4: Check if Granular QoS per VF has been enabled
        before updating QP qos_vport (bnc#1012382).
    
      - net/mlx4_core: Fix memory leak while delete slave's
        resources (bsc#966191 FATE#320230 bsc#966186
        FATE#320228).
    
      - net/mlx4_en: Avoid adding steering rules with invalid
        ring (bnc#1012382).
    
      - net/mlx4_en: Fix mixed PFC and Global pause user control
        requests (bsc#1015336 FATE#321685 bsc#1015337
        FATE#321686 bsc#1015340 FATE#321687).
    
      - net/mlx4: Fix the check in attaching steering rules
        (bnc#1012382).
    
      - net/mlx5: avoid build warning for uniprocessor
        (bnc#1012382).
    
      - net/mlx5e: Add error print in ETS init (bsc#966170
        FATE#320225 bsc#966172 FATE#320226).
    
      - net/mlx5e: Check support before TC swap in ETS init
        (bsc#966170 FATE#320225 bsc#966172 FATE#320226).
    
      - net/mlx5e: E-Switch, Use the name of static array
        instead of its address (bsc#1015342 FATE#321688
        bsc#1015343 FATE#321689).
    
      - net/mlx5e: Remove unused define
        MLX5_MPWRQ_STRIDES_PER_PAGE (bsc#1015342 FATE#321688
        bsc#1015343 FATE#321689).
    
      - net/mlx5: Fix error handling in load one (bsc#1015342
        FATE#321688 bsc#1015343 FATE#321689).
    
      - net/mlx5: Fix ingress/egress naming mistake (bsc#1015342
        FATE#321688 bsc#1015343 FATE#321689).
    
      - net/mlx5: Tolerate irq_set_affinity_hint() failures
        (bnc#1012382).
    
      - net: move somaxconn init from sysctl code (bnc#1012382).
    
      - net: phy: avoid genphy_aneg_done() for PHYs without
        clause 22 support (bnc#1012382).
    
      - net: qca_spi: Fix alignment issues in rx path
        (bnc#1012382).
    
      - net sched actions: fix dumping which requires several
        messages to user space (bnc#1012382).
    
      - net/sched: fix NULL dereference in the error path of
        tcf_bpf_init() (bnc#1012382).
    
      - net: usb: qmi_wwan: add support for ublox R410M PID
        0x90b2 (bnc#1012382).
    
      - net: validate attribute sizes in neigh_dump_table()
        (bnc#1012382).
    
      - net: x25: fix one potential use-after-free issue
        (bnc#1012382).
    
      - net: xfrm: use preempt-safe this_cpu_read() in
        ipcomp_alloc_tfms() (bnc#1012382).
    
      - nfsv4.1: RECLAIM_COMPLETE must handle
        NFS4ERR_CONN_NOT_BOUND_TO_SESSION (bnc#1012382).
    
      - nfsv4.1: Work around a Linux server bug.. (bnc#1012382).
    
      - nospec: Kill array_index_nospec_mask_check()
        (bnc#1012382).
    
      - nospec: Move array_index_nospec() parameter checking
        into separate macro (bnc#1012382).
    
      - nvme: target: fix buffer overflow (FATE#321732
        FATE#321590 bsc#993388).
    
      - ocfs2/dlm: Fix up kABI in dlm_ctxt (bsc#1070404).
    
      - ocfs2/dlm: wait for dlm recovery done when migrating all
        lock resources (bsc#1070404).
    
      - ovl: filter trusted xattr for non-admin (bnc#1012382).
    
      - packet: fix bitfield update race (bnc#1012382).
    
      - parisc: Fix out of array access in match_pci_device()
        (bnc#1012382).
    
      - parport_pc: Add support for WCH CH382L PCI-E single
        parallel port card (bnc#1012382).
    
      - partitions/msdos: Unable to mount UFS 44bsd partitions
        (bnc#1012382).
    
      - PCI/ACPI: Fix bus range comparison in pci_mcfg_lookup()
        (bsc#1084699).
    
      - PCI/cxgb4: Extend T3 PCI quirk to T4+ devices
        (bsc#981348).
    
      - PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
        (bnc#1012382).
    
      - percpu: include linux/sched.h for cond_resched()
        (bnc#1012382).
    
      - perf/core: Correct event creation with PERF_FORMAT_GROUP
        (bnc#1012382).
    
      - perf/core: Fix locking for children siblings group read
        (git-fixes).
    
      - perf/core: Fix possible Spectre-v1 indexing for
        ->aux_pages[] (bnc#1012382).
    
      - perf/core: Fix the perf_cpu_time_max_percent check
        (bnc#1012382).
    
      - perf header: Set proper module name when build-id event
        found (bnc#1012382).
    
      - perf/hwbp: Simplify the perf-hwbp code, fix
        documentation (bnc#1012382).
    
      - perf intel-pt: Fix error recovery from missing TIP
        packet (bnc#1012382).
    
      - perf intel-pt: Fix overlap detection to identify
        consecutive buffers correctly (bnc#1012382).
    
      - perf intel-pt: Fix sync_switch (bnc#1012382).
    
      - perf intel-pt: Fix timestamp following overflow
        (bnc#1012382).
    
      - perf probe: Add warning message if there is unexpected
        event name (bnc#1012382).
    
      - perf: Remove superfluous allocation error check
        (bnc#1012382).
    
      - perf report: Ensure the perf DSO mapping matches what
        libdw sees (bnc#1012382).
    
      - perf: Return proper values for user stack errors
        (bnc#1012382).
    
      - perf tests: Decompress kernel module before objdump
        (bnc#1012382).
    
      - perf tools: Fix copyfile_offset update of output offset
        (bnc#1012382).
    
      - perf trace: Add mmap alias for s390 (bnc#1012382).
    
      - perf/x86/cstate: Fix possible Spectre-v1 indexing for
        pkg_msr (bnc#1012382).
    
      - perf/x86: Fix possible Spectre-v1 indexing for
        hw_perf_event cache_* (bnc#1012382).
    
      - perf/x86: Fix possible Spectre-v1 indexing for
        x86_pmu::event_map() (bnc#1012382).
    
      - perf/x86/msr: Fix possible Spectre-v1 indexing in the
        MSR driver (bnc#1012382).
    
      - pidns: disable pid allocation if pid_ns_prepare_proc()
        is failed in alloc_pid() (bnc#1012382).
    
      - platform/x86: ideapad-laptop: Add MIIX 720-12IKB to
        no_hw_rfkill (bsc#1093035).
    
      - pNFS/flexfiles: missing error code in
        ff_layout_alloc_lseg() (bnc#1012382).
    
      - powerpc/64: Fix smp_wmb barrier definition use use
        lwsync consistently (bnc#1012382).
    
      - powerpc/64s: Add barrier_nospec (bsc#1068032,
        bsc#1080157).
    
      - powerpc/64s: Add support for ori barrier_nospec patching
        (bsc#1068032, bsc#1080157).
    
      - powerpc/64s: Enable barrier_nospec based on firmware
        settings (bsc#1068032, bsc#1080157).
    
      - powerpc/64s: Enhance the information in
        cpu_show_meltdown() (bsc#1068032, bsc#1075087,
        bsc#1091041).
    
      - powerpc/64s: Enhance the information in
        cpu_show_spectre_v1() (bsc#1068032).
    
      - powerpc/64s: Fix section mismatch warnings from
        setup_rfi_flush() (bsc#1068032, bsc#1075087,
        bsc#1091041).
    
      - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032,
        bsc#1075087, bsc#1091041).
    
      - powerpc/64s: Patch barrier_nospec in modules
        (bsc#1068032, bsc#1080157).
    
      - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032,
        bsc#1075087, bsc#1091041).
    
      - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032,
        bsc#1075087, bsc#1091041).
    
      - powerpc/64: Use barrier_nospec in syscall entry
        (bsc#1068032, bsc#1080157).
    
      - powerpc: Add security feature flags for Spectre/Meltdown
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/[booke|4xx]: Do not clobber TCR[WP] when setting
        TCR[DIE] (bnc#1012382).
    
      - powerpc: conditionally compile platform-specific serial
        drivers (bsc#1066223).
    
      - powerpc/crash: Remove the test for cpu_online in the IPI
        callback (bsc#1088242).
    
      - powerpc: Do not send system reset request through the
        oops path (bsc#1088242).
    
      - powerpc/eeh: Fix enabling bridge MMIO windows
        (bnc#1012382).
    
      - powerpc/fadump: Do not use hugepages when fadump is
        active (bsc#1092772).
    
      - powerpc/fadump: exclude memory holes while reserving
        memory in second kernel (bsc#1092772).
    
      - powerpc/lib: Fix off-by-one in alternate feature
        patching (bnc#1012382).
    
      - powerpc/mm: allow memory hotplug into a memoryless node
        (bsc#1090663).
    
      - powerpc/mm: Allow memory hotplug into an offline node
        (bsc#1090663).
    
      - powerpc: Move default security feature flags
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/powernv: define a standard delay for OPAL_BUSY
        type retry loops (bnc#1012382).
    
      - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops
        (bnc#1012382).
    
      - powerpc/powernv: Handle unknown OPAL errors in
        opal_nvram_write() (bnc#1012382).
    
      - powerpc/powernv: Set or clear security feature flags
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/powernv: Use the security flags in
        pnv_setup_rfi_flush() (bsc#1068032, bsc#1075087,
        bsc#1091041).
    
      - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/pseries: Fix clearing of security feature flags
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/pseries: Restore default security feature flags
        on setup (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/pseries: Set or clear security feature flags
        (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/pseries: Use the security flags in
        pseries_setup_rfi_flush() (bsc#1068032, bsc#1075087,
        bsc#1091041).
    
      - powerpc/rfi-flush: Always enable fallback flush on
        pseries (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/rfi-flush: Differentiate enabled and patched
        flush types (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - powerpc/rfi-flush: Make it possible to call
        setup_rfi_flush() again (bsc#1068032, bsc#1075087,
        bsc#1091041).
    
      - powerpc: signals: Discard transaction state from signal
        frames (bsc#1094059).
    
      - powerpc/spufs: Fix coredump of SPU contexts
        (bnc#1012382).
    
      - powerpc: System reset avoid interleaving oops using die
        synchronisation (bsc#1088242).
    
      - powerpc: Use barrier_nospec in copy_from_user()
        (bsc#1068032, bsc#1080157).
    
      - pppoe: check sockaddr length in pppoe_connect()
        (bnc#1012382).
    
      - pptp: remove a buggy dst release in pptp_connect()
        (bnc#1012382).
    
      - qlge: Avoid reading past end of buffer (bnc#1012382).
    
      - r8152: add Linksys USB3GIGV1 id (bnc#1012382).
    
      - r8169: fix setting driver_data after register_netdev
        (bnc#1012382).
    
      - radeon: hide pointless #warning when compile testing
        (bnc#1012382).
    
      - random: use a tighter cap in credit_entropy_bits_safe()
        (bnc#1012382).
    
      - random: use lockless method of accessing and updating
        f->reg_idx (bnc#1012382).
    
      - ray_cs: Avoid reading past end of buffer (bnc#1012382).
    
      - rdma/core: Avoid that ib_drain_qp() triggers an
        out-of-bounds stack access (FATE#321732).
    
      - rdma/mlx5: Protect from NULL pointer derefence
        (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689).
    
      - rdma/mlx5: Protect from shift operand overflow
        (bnc#1012382).
    
      - rdma/qedr: fix QP's ack timeout configuration
        (bsc#1022604 FATE#321747).
    
      - rdma/qedr: Fix QP state initialization race (bsc#1022604
        FATE#321747).
    
      - rdma/qedr: Fix rc initialization on CNQ allocation
        failure (bsc#1022604 FATE#321747).
    
      - rdma/rxe: Fix an out-of-bounds read (FATE#322149).
    
      - rdma/ucma: Allow resolving address w/o specifying source
        address (bnc#1012382).
    
      - rdma/ucma: Check AF family prior resolving address
        (bnc#1012382).
    
      - rdma/ucma: Check that device exists prior to accessing
        it (bnc#1012382).
    
      - rdma/ucma: Check that device is connected prior to
        access it (bnc#1012382).
    
      - rdma/ucma: Do not allow join attempts for unsupported AF
        family (bnc#1012382).
    
      - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH
        without an RDMA device (bnc#1012382).
    
      - rdma/ucma: Ensure that CM_ID exists prior to access it
        (bnc#1012382).
    
      - rdma/ucma: Fix use-after-free access in ucma_close
        (bnc#1012382).
    
      - rdma/ucma: Introduce safer rdma_addr_size() variants
        (bnc#1012382).
    
      - rds; Reset rs->rs_bound_addr in rds_add_bound() failure
        path (bnc#1012382).
    
      - regulator: gpio: Fix some error handling paths in
        'gpio_regulator_probe()' (bsc#1091960).
    
      - resource: fix integer overflow at reallocation
        (bnc#1012382).
    
      - Revert 'alsa: pcm: Fix mutex unbalance in OSS emulation
        ioctls' (kabi).
    
      - Revert 'alsa: pcm: Return -EBUSY for OSS ioctls changing
        busy streams' (kabi).
    
      - Revert 'arm: dts: am335x-pepper: Fix the audio CODEC's
        reset pin' (bnc#1012382).
    
      - Revert 'arm: dts: omap3-n900: Fix the audio CODEC's
        reset pin' (bnc#1012382).
    
      - Revert 'ath10k: rebuild crypto header in rx data frames'
        (kabi).
    
      - Revert 'ath10k: send (re)assoc peer command when NSS
        changed' (bnc#1012382).
    
      - Revert 'Bluetooth: btusb: Fix quirk for Atheros
        1525/QCA6174' (bnc#1012382).
    
      - Revert 'cpufreq: Fix governor module removal race'
        (bnc#1012382).
    
      - Revert 'ip6_vti: adjust vti mtu according to mtu of
        lower device' (bnc#1012382).
    
      - Revert 'kvm: Fix stack-out-of-bounds read in write_mmio'
        (bnc#1083635).
    
      - Revert 'mac80211: Add RX flag to indicate ICV stripped'
        (kabi).
    
      - Revert 'mac80211: allow not sending MIC up from driver
        for HW crypto' (kabi).
    
      - Revert 'mac80211: allow same PN for AMSDU sub-frames'
        (kabi).
    
      - Revert 'mtd: cfi: cmdset_0001: Do not allow read/write
        to suspend erase block.' (kabi).
    
      - Revert 'mtd: cfi: cmdset_0001: Workaround Micron Erase
        suspend bug.' (kabi).
    
      - Revert 'mtd: cfi: cmdset_0002: Do not allow read/write
        to suspend erase block.' (kabi).
    
      - Revert 'mtip32xx: use runtime tag to initialize command
        header' (bnc#1012382).
    
      - Revert 'PCI/MSI: Stop disabling MSI/MSI-X in
        pci_device_shutdown()' (bnc#1012382).
    
      - Revert 'perf tests: Decompress kernel module before
        objdump' (bnc#1012382).
    
      - Revert 'xhci: plat: Register shutdown for xhci_plat'
        (bnc#1012382).
    
      - rfkill: gpio: fix memory leak in probe error path
        (bnc#1012382).
    
      - rpc_pipefs: fix double-dput() (bnc#1012382).
    
      - rpm/config.sh: build against SP3 in OBS as well.
    
      - rtc: interface: Validate alarm-time before handling
        rollover (bnc#1012382).
    
      - rtc: opal: Handle disabled TPO in opal_get_tpo_time()
        (bnc#1012382).
    
      - rtc: snvs: fix an incorrect check of return value
        (bnc#1012382).
    
      - rtl8187: Fix NULL pointer dereference in
        priv->conf_mutex (bnc#1012382).
    
      - rxrpc: check return value of skb_to_sgvec always
        (bnc#1012382).
    
      - s390: add automatic detection of the spectre defense
        (bnc#1012382).
    
      - s390: add optimized array_index_mask_nospec
        (bnc#1012382).
    
      - s390: add options to change branch prediction behaviour
        for the kernel (bnc#1012382 bsc#1068032).
    
      - s390: add sysfs attributes for spectre (bnc#1012382).
    
      - s390/alternative: use a copy of the facility bit mask
        (bnc#1012382).
    
      - s390/cio: update chpid descriptor after resource
        accessibility event (bnc#1012382).
    
      - s390: correct module section names for expoline code
        revert (bnc#1012382).
    
      - s390: correct nospec auto detection init order
        (bnc#1012382).
    
      - s390/dasd: fix hanging safe offline (bnc#1012382).
    
      - s390/dasd: fix IO error for newly defined devices
        (bnc#1093144, LTC#167398).
    
      - s390: do not bypass BPENTER for interrupt system calls
        (bnc#1012382).
    
      - s390: enable CPU alternatives unconditionally
        (bnc#1012382).
    
      - s390/entry.S: fix spurious zeroing of r0 (bnc#1012382).
    
      - s390: introduce execute-trampolines for branches
        (bnc#1012382).
    
      - s390/ipl: ensure loadparm valid flag is set
        (bnc#1012382).
    
      - s390: move nobp parameter functions to nospec-branch.c
        (bnc#1012382).
    
      - s390: move _text symbol to address higher than zero
        (bnc#1012382).
    
      - s390/qdio: do not merge ERROR output buffers
        (bnc#1012382).
    
      - s390/qdio: do not retry EQBS after CCQ 96 (bnc#1012382).
    
      - s390/qeth: consolidate errno translation (bnc#1093144,
        LTC#167507).
    
      - s390/qeth: fix MAC address update sequence (bnc#1093144,
        LTC#167609).
    
      - s390/qeth: translate SETVLAN/DELVLAN errors
        (bnc#1093144, LTC#167507).
    
      - s390: Replace IS_ENABLED(EXPOLINE_*) with
        IS_ENABLED(CONFIG_EXPOLINE_*) (bnc#1012382).
    
      - s390: report spectre mitigation via syslog
        (bnc#1012382).
    
      - s390: run user space and KVM guests with modified branch
        prediction (bnc#1012382).
    
      - s390: scrub registers on kernel entry and KVM exit
        (bnc#1012382).
    
      - s390/uprobes: implement arch_uretprobe_is_alive()
        (bnc#1012382).
    
      - sched/numa: Use down_read_trylock() for the mmap_sem
        (bnc#1012382).
    
      - scsi: bnx2fc: fix race condition in
        bnx2fc_get_host_stats() (bnc#1012382).
    
      - scsi: libiscsi: Allow sd_shutdown on bad transport
        (bnc#1012382).
    
      - scsi: libsas: initialize sas_phy status according to
        response of DISCOVER (bnc#1012382).
    
      - scsi: lpfc: Add per io channel NVME IO statistics
        (bsc#1088865).
    
      - scsi: lpfc: Correct missing remoteport registration
        during link bounces (bsc#1088865).
    
      - scsi: lpfc: Correct target queue depth application
        changes (bsc#1088865).
    
      - scsi: lpfc: Enlarge nvmet asynchronous receive buffer
        counts (bsc#1088865).
    
      - scsi: lpfc: Fix Abort request WQ selection
        (bsc#1088865).
    
      - scsi: lpfc: Fix driver not recovering NVME rports during
        target link faults (bsc#1088865).
    
      - scsi: lpfc: Fix lingering lpfc_wq resource after driver
        unload (bsc#1088865).
    
      - scsi: lpfc: Fix multiple PRLI completion error path
        (bsc#1088865).
    
      - scsi: lpfc: Fix NULL pointer access in
        lpfc_nvme_info_show (bsc#1088865).
    
      - scsi: lpfc: Fix NULL pointer reference when resetting
        adapter (bsc#1088865).
    
      - scsi: lpfc: Fix nvme remoteport registration race
        conditions (bsc#1088865).
    
      - scsi: lpfc: Fix WQ/CQ creation for older asic's
        (bsc#1088865).
    
      - scsi: lpfc: update driver version to 11.4.0.7-2
        (bsc#1088865).
    
      - scsi: mpt3sas: Proper handling of set/clear of 'ATA
        command pending' flag (bnc#1012382).
    
      - scsi: mptsas: Disable WRITE SAME (bnc#1012382).
    
      - scsi: sd: Defer spinning up drive while SANITIZE is in
        progress (bnc#1012382).
    
      - sctp: do not check port in sctp_inet6_cmp_addr
        (bnc#1012382).
    
      - sctp: do not leak kernel memory to user space
        (bnc#1012382).
    
      - sctp: fix recursive locking warning in sctp_do_peeloff
        (bnc#1012382).
    
      - sctp: sctp_sockaddr_af must check minimal addr length
        for AF_INET6 (bnc#1012382).
    
      - selftests/powerpc: Fix TM resched DSCR test with some
        compilers (bnc#1012382).
    
      - selinux: do not check open permission on sockets
        (bnc#1012382).
    
      - selinux: Remove redundant check for unknown labeling
        behavior (bnc#1012382).
    
      - selinux: Remove unnecessary check of array base in
        selinux_set_mapping() (bnc#1012382).
    
      - serial: 8250: omap: Disable DMA for console UART
        (bnc#1012382).
    
      - serial: mctrl_gpio: Add missing module license
        (bnc#1012382).
    
      - serial: mctrl_gpio: export mctrl_gpio_disable_ms and
        mctrl_gpio_init (bnc#1012382).
    
      - serial: sh-sci: Fix race condition causing garbage
        during shutdown (bnc#1012382).
    
      - sh_eth: Use platform device for printing before
        register_netdev() (bnc#1012382).
    
      - sit: reload iphdr in ipip6_rcv (bnc#1012382).
    
      - skbuff: only inherit relevant tx_flags (bnc#1012382).
    
      - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent
        overflow (bnc#1012382).
    
      - sky2: Increase D3 delay to sky2 stops working after
        suspend (bnc#1012382).
    
      - slip: Check if rstate is initialized before
        uncompressing (bnc#1012382).
    
      - soreuseport: initialise timewait reuseport field
        (bnc#1012382).
    
      - sparc64: ldc abort during vds iso boot (bnc#1012382).
    
      - spi: davinci: fix up dma_mapping_error() incorrect patch
        (bnc#1012382).
    
      - staging: comedi: ni_mio_common: ack ai fifo error
        interrupts (bnc#1012382).
    
      - staging: ion : Donnot wakeup kswapd in ion system alloc
        (bnc#1012382).
    
      - staging: wlan-ng: prism2mgmt.c: fixed a double endian
        conversion before calling hfa384x_drvr_setconfig16, also
        fixes relative sparse warning (bnc#1012382).
    
      - stop_machine, sched: Fix migrate_swap() vs.
        active_balance() deadlock (bsc#1088810).
    
      - swap: divide-by-zero when zero length swap file on ssd
        (bsc#1082153).
    
      - tags: honor COMPILED_SOURCE with apart output directory
        (bnc#1012382).
    
      - target: prefer dbroot of /etc/target over /var/target
        (bsc#1087274).
    
      - target: transport should handle st FM/EOM/ILI reads
        (bsc#1081599).
    
      - tcp: better validation of received ack sequences
        (bnc#1012382).
    
      - tcp: do not read out-of-bounds opsize (bnc#1012382).
    
      - tcp: fix TCP_REPAIR_QUEUE bound checking (bnc#1012382).
    
      - tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on
        established sockets (bnc#1012382).
    
      - team: avoid adding twice the same option to the event
        list (bnc#1012382).
    
      - team: fix netconsole setup over team (bnc#1012382).
    
      - test_firmware: fix setting old custom fw path back on
        exit, second try (bnc#1012382).
    
      - thermal: imx: Fix race condition in imx_thermal_probe()
        (bnc#1012382).
    
      - thermal: power_allocator: fix one race condition issue
        for thermal_instances list (bnc#1012382).
    
      - thunderbolt: Resume control channel after hibernation
        image is created (bnc#1012382).
    
      - tipc: add policy for TIPC_NLA_NET_ADDR (bnc#1012382).
    
      - tracepoint: Do not warn on ENOMEM (bnc#1012382).
    
      - tracing: Fix regex_match_front() to not over compare the
        test string (bnc#1012382).
    
      - tracing/uprobe_event: Fix strncpy corner case
        (bnc#1012382).
    
      - tty: Do not call panic() at tty_ldisc_init()
        (bnc#1012382).
    
      - tty: make n_tty_read() always abort if hangup is in
        progress (bnc#1012382).
    
      - tty: n_gsm: Allow ADM response in addition to UA for
        control dlci (bnc#1012382).
    
      - tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2
        is not set (bnc#1012382).
    
      - tty: n_gsm: Fix long delays with control frame timeouts
        in ADM mode (bnc#1012382).
    
      - tty: provide tty_name() even without CONFIG_TTY
        (bnc#1012382).
    
      - tty: Use __GFP_NOFAIL for tty_ldisc_get() (bnc#1012382).
    
      - ubi: fastmap: Do not flush fastmap work on detach
        (bnc#1012382).
    
      - ubi: Fix error for write access (bnc#1012382).
    
      - ubifs: Check ubifs_wbuf_sync() return code
        (bnc#1012382).
    
      - ubi: Reject MLC NAND (bnc#1012382).
    
      - um: Use POSIX ucontext_t instead of struct ucontext
        (bnc#1012382).
    
      - Update config files, add expoline for s390x
        (bsc#1089393).
    
      - Update
        patches.fixes/0001-md-raid10-fix-NULL-deference-in-handl
        e_write_complet.patch (bsc#1056415).
    
      - Update
        patches.fixes/xfs-refactor-log-record-unpack-and-data-pr
        ocessing.patch (bsc#1043598, bsc#1036215).
    
      - Update
        patches.suse/powerpc-powernv-Support-firmware-disable-of
        -RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - Update
        patches.suse/powerpc-pseries-Support-firmware-disable-of
        -RFI-flus.patch (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - Update
        patches.suse/powerpc-rfi-flush-Move-the-logic-to-avoid-a
        -redo-int.patch (bsc#1068032, bsc#1075087, bsc#1091041).
    
      - Update
        patches.suse/x86-nospectre_v2-means-nospec-too.patch
        (bsc#1075994 bsc#1075091 bnc#1085958).
    
      - usb: Accept bulk endpoints with 1024-byte maxpacket
        (bnc#1012382 bsc#1092888).
    
      - usb: Accept bulk endpoints with 1024-byte maxpacket
        (bsc#1092888).
    
      - usb: chipidea: properly handle host or gadget
        initialization failure (bnc#1012382).
    
      - usb: core: Add quirk for HP v222w 16GB Mini
        (bnc#1012382).
    
      - usb: dwc2: Improve gadget state disconnection handling
        (bnc#1012382).
    
      - usb: dwc3: keystone: check return value (bnc#1012382).
    
      - usb: dwc3: pci: Properly cleanup resource (bnc#1012382).
    
      - usb: ene_usb6250: fix first command execution
        (bnc#1012382).
    
      - usb: ene_usb6250: fix SCSI residue overwriting
        (bnc#1012382).
    
      - usb:fix USB3 devices behind USB3 hubs not resuming at
        hibernate thaw (bnc#1012382).
    
      - usb: gadget: align buffer size when allocating for OUT
        endpoint (bnc#1012382).
    
      - usb: gadget: change len to size_t on alloc_ep_req()
        (bnc#1012382).
    
      - usb: gadget: define free_ep_req as universal function
        (bnc#1012382).
    
      - usb: gadget: f_hid: fix: Prevent accessing released
        memory (bnc#1012382).
    
      - usb: gadget: fix request length error for isoc transfer
        (git-fixes).
    
      - usb: gadget: fix usb_ep_align_maybe endianness and new
        usb_ep_align (bnc#1012382).
    
      - usb: Increment wakeup count on remote wakeup
        (bnc#1012382).
    
      - usbip: usbip_host: fix to hold parent lock for
        device_attach() calls (bnc#1012382).
    
      - usbip: vhci_hcd: Fix usb device and sockfd leaks
        (bnc#1012382).
    
      - usb: musb: gadget: misplaced out of bounds check
        (bnc#1012382).
    
      - usb: musb: host: fix potential NULL pointer dereference
        (bnc#1012382).
    
      - usb: serial: cp210x: add ELDAT Easywave RX09 id
        (bnc#1012382).
    
      - usb: serial: cp210x: add ID for NI USB serial console
        (bnc#1012382).
    
      - usb: serial: ftdi_sio: add RT Systems VX-8 cable
        (bnc#1012382).
    
      - usb: serial: ftdi_sio: add support for Harman
        FirmwareHubEmulator (bnc#1012382).
    
      - usb: serial: ftdi_sio: use jtag quirk for Arrow USB
        Blaster (bnc#1012382).
    
      - usb: serial: option: adding support for ublox R410M
        (bnc#1012382).
    
      - usb: serial: option: Add support for Quectel EP06
        (bnc#1012382).
    
      - usb: serial: option: reimplement interface masking
        (bnc#1012382).
    
      - usb: serial: simple: add libtransistor console
        (bnc#1012382).
    
      - usb: serial: visor: handle potential invalid device
        configuration (bnc#1012382).
    
      - vfb: fix video mode and line_length being set when
        loaded (bnc#1012382).
    
      - vfio/pci: Virtualize Maximum Payload Size (bnc#1012382).
    
      - vfio/pci: Virtualize Maximum Read Request Size
        (bnc#1012382).
    
      - vfio-pci: Virtualize PCIe & AF FLR (bnc#1012382).
    
      - vhost: correctly remove wait queue during poll failure
        (bnc#1012382).
    
      - virtio: add ability to iterate over vqs (bnc#1012382).
    
      - virtio_console: free buffers after reset (bnc#1012382).
    
      - virtio_net: check return value of skb_to_sgvec always
        (bnc#1012382).
    
      - virtio_net: check return value of skb_to_sgvec in one
        more location (bnc#1012382).
    
      - vlan: also check phy_driver ts_info for vlan's real
        device (bnc#1012382).
    
      - vlan: Fix reading memory beyond skb->tail in
        skb_vlan_tagged_multi (bnc#1012382).
    
      - vmxnet3: ensure that adapter is in proper state during
        force_close (bnc#1012382).
    
      - vrf: Fix use after free and double free in
        vrf_finish_output (bnc#1012382).
    
      - vt: change SGR 21 to follow the standards (bnc#1012382).
    
      - vti6: better validate user provided tunnel names
        (bnc#1012382).
    
      - vxlan: dont migrate permanent fdb entries during learn
        (bnc#1012382).
    
      - watchdog: f71808e_wdt: Fix WD_EN register read
        (bnc#1012382).
    
      - watchdog: hpwdt: Remove legacy NMI sourcing
        (bsc#1085185).
    
      - watchdog: sbsa: use 32-bit read for WCV (bsc#1085679).
    
      - wl1251: check return from call to
        wl1251_acx_arp_ip_filter (bnc#1012382).
    
      - writeback: fix the wrong congested state variable
        definition (bnc#1012382).
    
      - writeback: safer lock nesting (bnc#1012382).
    
      - x86/asm: Do not use RBP as a temporary register in
        csum_partial_copy_generic() (bnc#1012382).
    
      - x86/bugs: correctly force-disable IBRS on !SKL systems
        (bsc#1092497).
    
      - x86/bugs: Make sure that _TIF_SSBD does not end up in
        _TIF_ALLWORK_MASK (bsc#1093215).
    
      - x86/bugs: Respect retpoline command line option
        (bsc#1068032).
    
      - x86/hweight: Do not clobber %rdi (bnc#1012382).
    
      - x86/hweight: Get rid of the special calling convention
        (bnc#1012382).
    
      - x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
        (bnc#1012382).
    
      - x86/platform/UV: Add references to access fixed UV4A HUB
        MMRs (bsc#1076263 #fate#322814).
    
      - x86/platform/uv/BAU: Replace hard-coded values with MMR
        definitions (bsc#1076263 #fate#322814).
    
      - x86/platform/UV: Fix critical UV MMR address error
        (bsc#1076263
    
      - x86/platform/UV: Fix GAM MMR changes in UV4A
        (bsc#1076263 #fate#322814).
    
      - x86/platform/UV: Fix GAM MMR references in the UV x2apic
        code (bsc#1076263 #fate#322814).
    
      - x86/platform/UV: Fix GAM Range Table entries less than
        1GB (bsc#1091325).
    
      - x86/platform/UV: Fix UV4A BAU MMRs (bsc#1076263
        #fate#322814).
    
      - x86/platform/UV: Fix UV4A support on new Intel
        Processors (bsc#1076263 #fate#322814).
    
      - x86/platform/uv: Skip UV runtime services mapping in the
        efi_runtime_disabled case (bsc#1089925).
    
      - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A
        fixes (bsc#1076263 #fate#322814).
    
      - x86/smpboot: Do not use mwait_play_dead() on AMD systems
        (bnc#1012382).
    
      - x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
        (bnc#1012382).
    
      - x86/tsc: Provide 'tsc=unstable' boot parameter
        (bnc#1012382).
    
      - xen: avoid type warning in xchg_xen_ulong (bnc#1012382).
    
      - xen-netfront: Fix hang on device removal (bnc#1012382).
    
      - xfrm: fix state migration copy replay sequence numbers
        (bnc#1012382).
    
      - xfrm: Refuse to insert 32 bit userspace socket policies
        on 64 bit systems (bnc#1012382).
    
      - xfrm_user: fix return value from xfrm_user_rcv_msg
        (bnc#1012382).
    
      - xfrm_user: uncoditionally validate esn replay attribute
        struct (bnc#1012382).
    
      - xfs: always verify the log tail during recovery
        (bsc#1036215).
    
      - xfs: detect and handle invalid iclog size set by mkfs
        (bsc#1043598).
    
      - xfs: detect and trim torn writes during log recovery
        (bsc#1036215).
    
      - xfs: fix log recovery corruption error due to tail
        overwrite (bsc#1036215).
    
      - xfs: fix recovery failure when log record header wraps
        log end (bsc#1036215).
    
      - xfs: handle -EFSCORRUPTED during head/tail verification
        (bsc#1036215).
    
      - xfs: prevent creating negative-sized file via
        INSERT_RANGE (bnc#1012382).
    
      - xfs: refactor and open code log record crc check
        (bsc#1036215).
    
      - xfs: refactor log record start detection into a new
        helper (bsc#1036215).
    
      - xfs: return start block of first bad log record during
        recovery (bsc#1036215).
    
      - xfs: support a crc verification only log record pass
        (bsc#1036215).
    
      - x86/bugs: make intel_rds_mask() honor X86_FEATURE_SSBD
        (bsc#1094019).
    
      - watchdog: hpwdt: condition early return of NMI handler
        on iLO5 (bsc#1085185).
    
      - watchdog: hpwdt: Modify to use watchdog core
        (bsc#1085185).
    
      - watchdog: hpwdt: Update nmi_panic message (bsc#1085185).
    
      - watchdog: hpwdt: Update Module info and copyright
        (bsc#1085185)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1009062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015340"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1015343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1043598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1044596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060799"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1076805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080157"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082299"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082485"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084610"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085679"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085958"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088684"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090953"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092772"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=802154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993388"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/25");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-debug-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-debug-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-default-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-default-debuginfo-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-vanilla-4.4.132-53.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"kselftests-kmp-vanilla-debuginfo-4.4.132-53.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3653-2.NASL
    descriptionUSN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110047
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110047
    titleUbuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3653-2) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3653-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110047);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2017-17449", "CVE-2017-17975", "CVE-2017-18203", "CVE-2017-18208", "CVE-2018-3639", "CVE-2018-8822");
      script_xref(name:"USN", value:"3653-2");
    
      script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3653-2) (Spectre)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3653-1 fixed vulnerabilities and added mitigations in the Linux
    kernel for Ubuntu 17.10. This update provides the corresponding
    updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu
    17.10 for Ubuntu 16.04 LTS.
    
    Jann Horn and Ken Johnson discovered that microprocessors utilizing
    speculative execution of a memory read may allow unauthorized memory
    reads via a sidechannel attack. This flaw is known as Spectre Variant
    4. A local attacker could use this to expose sensitive information,
    including kernel memory. (CVE-2018-3639)
    
    It was discovered that the netlink subsystem in the Linux kernel did
    not properly restrict observations of netlink messages to the
    appropriate net namespace. A local attacker could use this to expose
    sensitive information (kernel netlink traffic). (CVE-2017-17449)
    
    Tuba Yavuz discovered that a double-free error existed in the USBTV007
    driver of the Linux kernel. A local attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2017-17975)
    
    It was discovered that a race condition existed in the Device Mapper
    component of the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2017-18203)
    
    It was discovered that an infinite loop could occur in the madvise(2)
    implementation in the Linux kernel in certain circumstances. A local
    attacker could use this to cause a denial of service (system hang).
    (CVE-2017-18208)
    
    Silvio Cesare discovered a buffer overwrite existed in the NCPFS
    implementation in the Linux kernel. A remote attacker controlling a
    malicious NCPFS server could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2018-8822).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3653-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-17449", "CVE-2017-17975", "CVE-2017-18203", "CVE-2017-18208", "CVE-2018-3639", "CVE-2018-8822");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3653-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-1017-gcp", pkgver:"4.13.0-1017.21")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-1018-azure", pkgver:"4.13.0-1018.21")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-1028-oem", pkgver:"4.13.0-1028.31")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-43-generic", pkgver:"4.13.0-43.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-43-generic-lpae", pkgver:"4.13.0-43.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-43-lowlatency", pkgver:"4.13.0-43.48~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-azure", pkgver:"4.13.0.1018.19")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.13.0.1017.19")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.13.0.43.62")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.13.0.43.62")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.13.0.1017.19")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.13.0.43.62")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.13.0.1028.33")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.13-azure / linux-image-4.13-gcp / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1080-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). Enhancements and bugfixes over the previous fixes have been added to this kernel. - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2018-7566: There was a buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The
    last seen2020-06-01
    modified2020-06-02
    plugin id109360
    published2018-04-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109360
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1080-1) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:1080-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109360);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/10 13:51:47");
    
      script_cve_id("CVE-2015-5156", "CVE-2016-7915", "CVE-2017-0861", "CVE-2017-12190", "CVE-2017-13166", "CVE-2017-16644", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18203", "CVE-2017-18208", "CVE-2017-5715", "CVE-2018-10087", "CVE-2018-6927", "CVE-2018-7566", "CVE-2018-7757", "CVE-2018-8822");
      script_xref(name:"IAVA", value:"2018-A-0020");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1080-1) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
    security and bugfixes. The following security bugs were fixed :
    
      - CVE-2017-5715: Systems with microprocessors utilizing
        speculative execution and indirect branch prediction may
        allow unauthorized disclosure of information to an
        attacker with local user access via a side-channel
        analysis (bnc#1068032). Enhancements and bugfixes over
        the previous fixes have been added to this kernel.
    
      - CVE-2018-10087: The kernel_wait4 function in
        kernel/exit.c might have allowed local users to cause a
        denial of service by triggering an attempted use of the
        -INT_MIN value (bnc#1089608).
    
      - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events
        function in drivers/scsi/libsas/sas_expander.c allowed
        local users to cause a denial of service (memory
        consumption) via many read accesses to files in the
        /sys/class/sas_phy directory, as demonstrated by the
        /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file
        (bnc#1084536).
    
      - CVE-2018-7566: There was a buffer overflow via an
        SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to
        /dev/snd/seq by a local user (bnc#1083483).
    
      - CVE-2017-0861: Use-after-free vulnerability in the
        snd_pcm_info function in the ALSA subsystem allowed
        attackers to gain privileges via unspecified vectors
        (bnc#1088260).
    
      - CVE-2018-8822: Incorrect buffer length handling in the
        ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
        could be exploited by malicious NCPFS servers to crash
        the kernel or execute code (bnc#1086162).
    
      - CVE-2017-13166: An elevation of privilege vulnerability
        in the kernel v4l2 video driver. (bnc#1072865).
    
      - CVE-2017-18203: The dm_get_from_kobject function in
        drivers/md/dm.c allowed local users to cause a denial of
        service (BUG) by leveraging a race condition with
        __dm_destroy during creation and removal of DM devices
        (bnc#1083242).
    
      - CVE-2017-16911: The vhci_hcd driver allowed allows local
        attackers to disclose kernel memory addresses.
        Successful exploitation requires that a USB device is
        attached over IP (bnc#1078674).
    
      - CVE-2017-18208: The madvise_willneed function in
        mm/madvise.c local users to cause a denial of service
        (infinite loop) by triggering use of MADVISE_WILLNEED
        for a DAX mapping (bnc#1083494).
    
      - CVE-2017-16644: The hdpvr_probe function in
        drivers/media/usb/hdpvr/hdpvr-core.c allowed local users
        to cause a denial of service (improper error handling
        and system crash) or possibly have unspecified other
        impact via a crafted USB device (bnc#1067118).
    
      - CVE-2018-6927: The futex_requeue function in
        kernel/futex.c in the Linux kernel might allow attackers
        to cause a denial of service (integer overflow) or
        possibly have unspecified other impact by triggering a
        negative wake or requeue value (bnc#1080757).
    
      - CVE-2017-16914: The 'stub_send_ret_submit()' function
        (drivers/usb/usbip/stub_tx.c) allowed attackers to cause
        a denial of service (NULL pointer dereference) via a
        specially crafted USB over IP packet (bnc#1078669).
    
      - CVE-2016-7915: The hid_input_field function in
        drivers/hid/hid-core.c allowed physically proximate
        attackers to obtain sensitive information from kernel
        memory or cause a denial of service (out-of-bounds read)
        by connecting a device, as demonstrated by a Logitech DJ
        receiver (bnc#1010470).
    
      - CVE-2015-5156: The virtnet_probe function in
        drivers/net/virtio_net.c attempted to support a FRAGLIST
        feature without proper memory allocation, which allowed
        guest OS users to cause a denial of service (buffer
        overflow and memory corruption) via a crafted sequence
        of fragmented packets (bnc#940776).
    
      - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user
        functions in block/bio.c did unbalanced refcounting when
        a SCSI I/O vector has small consecutive buffers
        belonging to the same page. The bio_add_pc_page function
        merges them into one, but the page reference is never
        dropped. This causes a memory leak and possible system
        lockup (exploitable against the host OS by a guest OS
        user, if a SCSI disk is passed through to a virtual
        machine) due to an out-of-memory condition
        (bnc#1062568).
    
      - CVE-2017-16912: The 'get_pipe()' function
        (drivers/usb/usbip/stub_rx.c) allowed attackers to cause
        a denial of service (out-of-bounds read) via a specially
        crafted USB over IP packet (bnc#1078673).
    
      - CVE-2017-16913: The 'stub_recv_cmd_submit()' function
        (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT
        packets allowed attackers to cause a denial of service
        (arbitrary memory allocation) via a specially crafted
        USB over IP packet (bnc#1078672).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052943"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1075994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080464"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080757"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1081358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1084536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085331"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1087762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088147"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=940776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=943786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-5156/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7915/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-0861/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12190/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13166/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16644/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16911/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16912/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16913/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16914/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18203/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18208/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5715/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10087/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-6927/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7566/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7757/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-8822/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20181080-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1ffcd0fc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-kernel-source-20180417-13574=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-kernel-source-20180417-13574=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-source-20180417-13574=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-kernel-source-20180417-13574=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-108.38.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-108.38.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1369.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the
    last seen2020-03-17
    modified2018-05-03
    plugin id109531
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109531
    titleDebian DLA-1369-1 : linux security update (Spectre)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1369-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109531);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-0861", "CVE-2017-13166", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-5715", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822");
      script_xref(name:"IAVA", value:"2018-A-0020");
    
      script_name(english:"Debian DLA-1369-1 : linux security update (Spectre)");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2017-0861
    
    Robb Glasser reported a potential use-after-free in the ALSA (sound)
    PCM core. We believe this was not possible in practice.
    
    CVE-2017-5715
    
    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes running
    on the system.
    
    This specific attack has been named Spectre variant 2
    (branch target injection) and is mitigated for the x86
    architecture (amd64 and i386) by using the 'retpoline'
    compiler feature which allows indirect branches to be
    isolated from speculative execution.
    
    CVE-2017-13166
    
    A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
    code has been found. Memory protections ensuring user-provided buffers
    always point to userland memory were disabled, allowing destination
    addresses to be in kernel space. On a 64-bit kernel (amd64 flavour) a
    local user with access to a suitable video device can exploit this to
    overwrite kernel memory, leading to privilege escalation.
    
    CVE-2017-16526
    
    Andrey Konovalov reported that the UWB subsystem may dereference an
    invalid pointer in an error case. A local user might be able to use
    this for denial of service.
    
    CVE-2017-16911
    
    Secunia Research reported that the USB/IP vhci_hcd driver exposed
    kernel heap addresses to local users. This information could aid the
    exploitation of other vulnerabilities.
    
    CVE-2017-16912
    
    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading to an
    out-of-bounds read. A remote user able to connect to the USB/IP server
    could use this for denial of service.
    
    CVE-2017-16913
    
    Secunia Research reported that the USB/IP stub driver failed to
    perform a range check on a received packet header field, leading to
    excessive memory allocation. A remote user able to connect to the
    USB/IP server could use this for denial of service.
    
    CVE-2017-16914
    
    Secunia Research reported that the USB/IP stub driver failed to check
    for an invalid combination of fields in a recieved packet, leading to
    a NULL pointer dereference. A remote user able to connect to the
    USB/IP server could use this for denial of service.
    
    CVE-2017-18017
    
    Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
    failed to validate TCP header lengths, potentially leading to a
    use-after-free. If this module is loaded, it could be used by a remote
    attacker for denial of service or possibly for code execution.
    
    CVE-2017-18203
    
    Hou Tao reported that there was a race condition in creation and
    deletion of device-mapper (DM) devices. A local user could potentially
    use this for denial of service.
    
    CVE-2017-18216
    
    Alex Chen reported that the OCFS2 filesystem failed to hold a
    necessary lock during nodemanager sysfs file operations, potentially
    leading to a NULL pointer dereference. A local user could use this for
    denial of service.
    
    CVE-2018-1068
    
    The syzkaller tool found that the 32-bit compatibility layer of
    ebtables did not sufficiently validate offset values. On a 64-bit
    kernel (amd64 flavour), a local user with the CAP_NET_ADMIN capability
    could use this to overwrite kernel memory, possibly leading to
    privilege escalation.
    
    CVE-2018-1092
    
    Wen Xu reported that a crafted ext4 filesystem image would trigger a
    null dereference when mounted. A local user able to mount arbitrary
    filesystems could use this for denial of service.
    
    CVE-2018-5332
    
    Mohamed Ghannam reported that the RDS protocol did not sufficiently
    validate RDMA requests, leading to an out-of-bounds write. A local
    attacker on a system with the rds module loaded could use this for
    denial of service or possibly for privilege escalation.
    
    CVE-2018-5333
    
    Mohamed Ghannam reported that the RDS protocol did not properly handle
    an error case, leading to a NULL pointer dereference. A local attacker
    on a system with the rds module loaded could possibly use this for
    denial of service.
    
    CVE-2018-5750
    
    Wang Qize reported that the ACPI sbshc driver logged a kernel heap
    address. This information could aid the exploitation of other
    vulnerabilities.
    
    CVE-2018-5803
    
    Alexey Kodanev reported that the SCTP protocol did not range-check the
    length of chunks to be created. A local or remote user could use this
    to cause a denial of service.
    
    CVE-2018-6927
    
    Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not
    check for negative parameter values, which might lead to a denial of
    service or other security impact.
    
    CVE-2018-7492
    
    The syzkaller tool found that the RDS protocol was lacking a NULL pointer check. A local attacker on a system with the rds module loaded
    could use this for denial of service.
    
    CVE-2018-7566
    
    &#x8303;&#x9F99;&#x98DE; (Fan LongFei) reported a race condition in
    the ALSA (sound) sequencer core, between write and ioctl operations.
    This could lead to an out-of-bounds access or use-after-free. A local
    user with access to a sequencer device could use this for denial of
    service or possibly for privilege escalation.
    
    CVE-2018-7740
    
    Nic Losby reported that the hugetlbfs filesystem's mmap operation did
    not properly range-check the file offset. A local user with access to
    files on a hugetlbfs filesystem could use this to cause a denial of
    service.
    
    CVE-2018-7757
    
    Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI)
    subsystem. A local user on a system with SAS devices could use this to
    cause a denial of service.
    
    CVE-2018-7995
    
    Seunghun Han reported a race condition in the x86 MCE (Machine Check
    Exception) driver. This is unlikely to have any security impact.
    
    CVE-2018-8781
    
    Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation
    did not properly range-check the file offset. A local user with access
    to a udl framebuffer device could exploit this to overwrite kernel
    memory, leading to privilege escalation.
    
    CVE-2018-8822
    
    Dr Silvio Cesare of InfoSect reported that the ncpfs client
    implementation did not validate reply lengths from the server. An
    ncpfs server could use this to cause a denial of service or remote
    code execution in the client.
    
    CVE-2018-1000004
    
    Luo Quan reported a race condition in the ALSA (sound) sequencer core,
    between multiple ioctl operations. This could lead to a deadlock or
    use-after-free. A local user with access to a sequencer device could
    use this for denial of service or possibly for privilege escalation.
    
    CVE-2018-1000199
    
    Andy Lutomirski discovered that the ptrace subsystem did not
    sufficiently validate hardware breakpoint settings. Local users can
    use this to cause a denial of service, or possibly for privilege
    escalation, on x86 (amd64 and i386) and possibly other architectures.
    
    Additionally, some mitigations for CVE-2017-5753 are included in this
    release :
    
    CVE-2017-5753
    
    Multiple researchers have discovered a vulnerability in various
    processors supporting speculative execution, enabling an attacker
    controlling an unprivileged process to read memory from arbitrary
    addresses, including from the kernel and all other processes running
    on the system.
    
    This specific attack has been named Spectre variant 1
    (bounds-check bypass) and is mitigated by identifying
    vulnerable code sections (array bounds checking followed by
    array access) and replacing the array access with the
    speculation-safe array_index_nospec() function.
    
    More use sites will be added over time.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    3.2.101-1. This version also includes bug fixes from upstream versions
    up to and including 3.2.101. It also fixes a regression in the procfs
    hidepid option in the previous version (Debian bug #887106).
    
    We recommend that you upgrade your linux packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/linux"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-3.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-486");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-4kc-malta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-5kc-malta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-armel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-armhf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-ia64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-mips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-mipsel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-powerpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-sparc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-common-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-iop32x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-itanium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-ixp4xx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-kirkwood");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-loongson-2f");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mckinley");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mv78xx0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mx5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-octeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-omap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-orion5x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r4k-ip22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r5k-cobalt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r5k-ip32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sb1-bcm91250a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sb1a-bcm91480b");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sparc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sparc64-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-vexpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-486");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-4kc-malta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-5kc-malta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-iop32x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-itanium");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-ixp4xx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-kirkwood");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-loongson-2f");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mckinley");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mv78xx0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mx5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-octeon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-omap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-orion5x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r4k-ip22");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r5k-cobalt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r5k-ip32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x-tape");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sb1-bcm91250a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sb1a-bcm91480b");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sparc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sparc64-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-versatile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-vexpress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-3.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-3.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-3.2.0-4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-3.2.0-4-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-3.2.0-4-amd64");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/02");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/03");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    # Temp disable
    exit(1, "Temporarily disabled.");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"linux-doc-3.2", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-486", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-4kc-malta", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-5kc-malta", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-686-pae", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-amd64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-armel", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-armhf", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-i386", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-ia64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-mips", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-mipsel", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-powerpc", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-s390", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-s390x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-all-sparc", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-amd64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-common", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-common-rt", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-iop32x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-itanium", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-ixp4xx", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-kirkwood", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-loongson-2f", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-mckinley", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-mv78xx0", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-mx5", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-octeon", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-omap", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-orion5x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-powerpc", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-powerpc-smp", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-powerpc64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-r4k-ip22", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-r5k-cobalt", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-r5k-ip32", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-rt-686-pae", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-rt-amd64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-s390x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-sb1-bcm91250a", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-sb1a-bcm91480b", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-sparc64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-sparc64-smp", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-versatile", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-headers-3.2.0-4-vexpress", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-486", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-4kc-malta", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-5kc-malta", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-686-pae", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-686-pae-dbg", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-amd64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-amd64-dbg", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-iop32x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-itanium", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-ixp4xx", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-kirkwood", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-loongson-2f", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-mckinley", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-mv78xx0", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-mx5", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-octeon", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-omap", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-orion5x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-powerpc", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-powerpc-smp", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-powerpc64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-r4k-ip22", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-r5k-cobalt", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-r5k-ip32", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-rt-686-pae", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-rt-686-pae-dbg", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-rt-amd64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-rt-amd64-dbg", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-s390x", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-s390x-dbg", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-s390x-tape", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-sb1-bcm91250a", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-sb1a-bcm91480b", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-sparc64", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-sparc64-smp", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-versatile", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-image-3.2.0-4-vexpress", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-libc-dev", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-manual-3.2", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-source-3.2", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"linux-support-3.2.0-4", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-linux-system-3.2.0-4-686-pae", reference:"3.2.101-1")) flag++;
    if (deb_check(release:"7.0", prefix:"xen-linux-system-3.2.0-4-amd64", reference:"3.2.101-1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1173-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109647
    published2018-05-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109647
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0132_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121837
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121837
    titlePhoton OS 1.0: Linux PHSA-2018-1.0-0132
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1173-2.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752). CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118252
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118252
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3654-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110048
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110048
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, vulnerabilities (USN-3654-1) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1476.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges.(CVE-2017-8824i1/4%0 - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004i1/4%0 - Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.(CVE-2016-2061i1/4%0 - A denial of service flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124800
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124800
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1048-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231). - CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353). - CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829). - CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241) - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109310
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109310
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1048-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0037-A_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121933
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121933
    titlePhoton OS 2.0: Linux PHSA-2018-2.0-0037-(a)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0037-A.NASL
    descriptionAn update of {'linux-aws','linux-esx', 'linux-secure', 'linux'} packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111296
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111296
    titlePhoton OS 2.0 : linux-aws / linux-esx / linux-secure / linux (PhotonOS-PHSA-2018-2.0-0037-(a)) (deprecated)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3656-1.NASL
    descriptionTuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110051
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110051
    titleUbuntu 16.04 LTS : linux-raspi2, linux-snapdragon vulnerabilities (USN-3656-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4187.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the
    last seen2020-06-01
    modified2020-06-02
    plugin id109517
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109517
    titleDebian DSA-4187-1 : linux - security update (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1221-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread was observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109758
    published2018-05-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109758
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1172-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209). - CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). - CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674). - CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The
    last seen2020-06-01
    modified2020-06-02
    plugin id109646
    published2018-05-09
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109646
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:1172-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3657-1.NASL
    descriptionIt was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110052
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110052
    titleUbuntu 17.10 : linux-raspi2 vulnerabilities (USN-3657-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1220-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088) - CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088) - CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643). - CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752). - CVE-2018-10087: The kernel_wait4 function in kernel/exit.c in might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608). - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536). - CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537). - CVE-2017-11089: A buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261). - CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260). - CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162). - CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allowed local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109757
    published2018-05-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109757
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1220-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3654-2.NASL
    descriptionUSN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the F2FS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18193) It was discovered that a buffer overflow existed in the Hisilicon HNS Ethernet Device driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18222) It was discovered that the netfilter subsystem in the Linux kernel did not validate that rules containing jumps contained user-defined chains. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1065) It was discovered that the netfilter subsystem of the Linux kernel did not properly validate ebtables offsets. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-1068) It was discovered that a NULL pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1130) It was discovered that the SCTP Protocol implementation in the Linux kernel did not properly validate userspace provided payload lengths in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5803) It was discovered that a double free error existed in the block layer subsystem of the Linux kernel when setting up a request queue. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7480) It was discovered that a memory leak existed in the SAS driver subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-7757) It was discovered that a race condition existed in the x86 machine check handler in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7995) Eyal Itkin discovered that the USB displaylink video adapter driver in the Linux kernel did not properly validate mmap offsets sent from userspace. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2018-8781) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110049
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110049
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3654-2) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3653-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17975) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110046
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110046
    titleUbuntu 17.10 : linux vulnerabilities (USN-3653-1) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3655-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) It was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220) It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110050
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110050
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3655-1) (Spectre)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4188.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the
    last seen2020-06-01
    modified2020-06-02
    plugin id109518
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109518
    titleDebian DSA-4188-1 : linux - security update (Spectre)