Vulnerabilities > CVE-2019-11815 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_KEEPALIVED.NASL description An update of the keepalived package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125394 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125394 title Photon OS 2.0: Keepalived PHSA-2019-2.0-0160 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0160. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(125394); script_version("1.2"); script_cvs_date("Date: 2020/01/13"); script_cve_id("CVE-2018-19045", "CVE-2018-19046"); script_name(english:"Photon OS 2.0: Keepalived PHSA-2019-2.0-0160"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the keepalived package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-160.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:keepalived"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"keepalived-2.0.16-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"keepalived-debuginfo-2.0.16-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "keepalived"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1527-1.NASL description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843). CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125990 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125990 title SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1527-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125990); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2013-4343", "CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"); script_bugtraq_id(62360); script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843). CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bnc#1133188) The following new features were implemented: Updated the Chelsio cxgb4vf driver with the latest upstream patches. (fate#321660) Backported changes into e1000e kernel module to support systems using the Intel I219-LM NIC chip. (fate#326719) Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747) Update the QLogic/Cavium qed driver (NET). (fate#321703) Update the QLogic/Cavium qede driver (NET). (fate#321702) Update the Chelsio iw_cxgb4 driver with the latest upstream patches. (fate#321661) Update the Chelsio cxgb4 driver with the latest upstream patches. (fate#321658) Update support for Intel Omni Path (OPA) kernel driver. (fate#321473) Update the QIB driver to the latest upstream version for up-to-date functionality and hardware support. (fate#321231) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120885" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1125580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131543" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132374" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136446" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=843419" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4343/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-17972/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7191/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11190/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11477/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11478/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11479/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11486/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11815/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11833/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11884/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12382/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3846/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5489/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191527-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e04b4ee" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1527=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debugsource-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-devel-4.4.180-4.31.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-azure-4.4.180-4.31.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4068-2.NASL description USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126949 published 2019-07-23 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126949 title Ubuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-4068-2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4068-2. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126949); script_version("1.3"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884"); script_xref(name:"USN", value:"4068-2"); script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-4068-2)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4068-2/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4068-2"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1037-gcp", pkgver:"4.15.0-1037.39~16.04.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-generic", pkgver:"4.15.0-55.60~16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-generic-lpae", pkgver:"4.15.0-55.60~16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-lowlatency", pkgver:"4.15.0-55.60~16.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1037.51")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.15.0.55.76")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.15.0.55.76")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1037.51")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.15.0.55.76")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.15.0.55.76")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual-hwe-16.04", pkgver:"4.15.0.55.76")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-gcp / linux-image-4.15-generic / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4465.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. - CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. - CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. - CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. - CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. - CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. - CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. - CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. - CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. - CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. - CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. last seen 2020-06-01 modified 2020-06-02 plugin id 125959 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125959 title Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4465. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(125959); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-10126", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11599", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489", "CVE-2019-9500", "CVE-2019-9503"); script_xref(name:"DSA", value:"4465"); script_name(english:"Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. - CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. - CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. - CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. - CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. - CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. - CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. - CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. - CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. - CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. - CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928989" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-3846" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-10126" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-5489" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-9500" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-9503" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11477" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11478" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11479" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11486" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11599" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11815" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11833" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-11884" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/linux" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/linux" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4465" ); script_set_attribute( attribute:"solution", value: "Upgrade the linux packages. For the stable distribution (stretch), these problems have been fixed in version 4.9.168-1+deb9u3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"hyperv-daemons", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"libcpupower-dev", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"libcpupower1", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"libusbip-dev", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-arm", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-s390", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-x86", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-cpupower", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-doc-4.9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-amd64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-arm64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armel", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armhf", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-i386", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips64el", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mipsel", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-ppc64el", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-s390x", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common-rt", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x-dbg", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-kbuild-4.9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-libc-dev", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-manual-4.9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-perf-4.9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-source-4.9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"linux-support-4.9.0-9", reference:"4.9.168-1+deb9u3")) flag++; if (deb_check(release:"9.0", prefix:"usbip", reference:"4.9.168-1+deb9u3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1532-1.NASL description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125993 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125993 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1532-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125993); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"); script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel It did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (bnc#1110785) CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=843419" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-17972/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7191/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11190/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11477/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11478/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11479/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11486/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11815/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11833/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11884/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12382/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3846/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5489/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191532-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2393585c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2019-1532=1 SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1532=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1532=1 SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1532=1 SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2019-1532=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1532=1 SUSE CaaS Platform ALL : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. SUSE CaaS Platform 3.0 : To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.180-94.97.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.180-94.97.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1529-1.NASL description The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125991 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125991 title SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:1529-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(125991); script_version("1.4"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489"); script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. (bnc#1134848) CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions. (bnc#1133188) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050242" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1055186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1058115" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1064802" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065729" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066129" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1068546" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1075020" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1082387" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1103992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106011" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108193" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1108937" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1111696" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1115688" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1117158" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1117561" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1118139" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120091" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120423" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1123454" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1123663" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1124503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1124839" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1127616" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128904" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1128979" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129273" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129693" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130579" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130699" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131326" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131451" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1131673" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132044" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133176" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133612" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133616" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134199" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134200" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134201" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134202" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134203" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134204" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134205" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134354" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134393" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134459" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134460" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134461" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134597" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134671" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134810" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134936" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135006" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135007" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135008" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135056" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135278" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135309" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135312" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135314" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135315" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135316" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135323" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135330" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135492" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135542" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135556" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135758" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136206" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136428" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136430" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136432" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136434" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136435" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136439" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136477" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136478" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136881" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137151" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137152" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137153" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137372" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137444" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7191/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10124/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11085/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11477/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11478/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11479/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11486/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11487/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11815/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11833/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11884/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12382/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-3846/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5489/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20191529-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?364f5e0a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch SUSE-SLE-Product-WE-15-2019-1529=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1529=1 SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-1529=1 SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-1529=1 SUSE Linux Enterprise Module for Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-1529=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1529=1 SUSE Linux Enterprise High Availability 15:zypper in -t patch SUSE-SLE-Product-HA-15-2019-1529=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-150.22.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.22.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4008-1.NASL description Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125726 published 2019-06-05 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125726 title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4008-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4008-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(125726); script_version("1.3"); script_cvs_date("Date: 2020/01/10"); script_cve_id("CVE-2019-11190", "CVE-2019-11191", "CVE-2019-11810", "CVE-2019-11815"); script_xref(name:"USN", value:"4008-1"); script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4008-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4008-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2019-11190", "CVE-2019-11191", "CVE-2019-11810", "CVE-2019-11815"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4008-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1047-kvm", pkgver:"4.4.0-1047.53")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1084-aws", pkgver:"4.4.0-1084.94")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1110-raspi2", pkgver:"4.4.0-1110.118")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1114-snapdragon", pkgver:"4.4.0-1114.119")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-150-generic", pkgver:"4.4.0-150.176")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-150-generic-lpae", pkgver:"4.4.0-150.176")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-150-lowlatency", pkgver:"4.4.0-150.176")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1084.87")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.150.158")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.150.158")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1047.47")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.150.158")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1110.110")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1114.106")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual", pkgver:"4.4.0.150.158")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1407.NASL description The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed : - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348 1119974). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c that did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c, a race condition leading to a use-after-free was fixed, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125303 published 2019-05-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125303 title openSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1407. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125303); script_version("1.3"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2018-1000204", "CVE-2018-10853", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-15594", "CVE-2018-17972", "CVE-2018-5814", "CVE-2019-11091", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-9503"); script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)"); script_summary(english:"Check for the openSUSE-2019-1407 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed : - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348 1119974). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c that did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c, a race condition leading to a use-after-free was fixed, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character (bnc#1134848). - CVE-2019-3882: A flaw was found vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). (bnc#1131416 bnc#1131427). - CVE-2019-9503: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828). The following non-security bugs were fixed : - 9p: do not trust pdu content for stat item size (bnc#1012382). - 9p locks: add mount option for lock retry interval (bnc#1012382). - 9p/net: fix memory leak in p9_client_create (bnc#1012382). - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bnc#1012382). - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399). - acpi / bus: Only call dmi_check_system() on X86 (git-fixes). - acpi / button: make module loadable when booted in non-ACPI mode (bsc#1051510). - acpi / device_sysfs: Avoid OF modalias creation for removed device (bnc#1012382). - acpi / SBS: Fix GPE storm on recent MacBookPro's (bnc#1012382). - Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net) (bnc#1012382). - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bnc#1012382). - alsa: compress: add support for 32bit calls in a 64bit kernel (bnc#1012382). - alsa: compress: prevent potential divide by zero bugs (bnc#1012382). - alsa: core: Fix card races between register and disconnect (bnc#1012382). - alsa: echoaudio: add a check for ioremap_nocache (bnc#1012382). - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bnc#1012382). - alsa: hda - Record the current power state before suspend/resume calls (bnc#1012382). - alsa: info: Fix racy addition/deletion of nodes (bnc#1012382). - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bnc#1012382). - alsa: PCM: check if ops are defined before suspending PCM (bnc#1012382). - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bnc#1012382). - alsa: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012382). - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012382). - alsa: sb8: add a check for request_region (bnc#1012382). - alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382). - alsa: seq: oss: Fix Spectre v1 vulnerability (bnc#1012382). - appletalk: Fix compile regression (bnc#1012382). - appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012382). - applicom: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - arc: fix __ffs return value to avoid build warnings (bnc#1012382). - arc: uacces: remove lp_start, lp_end from clobber list (bnc#1012382). - arcv2: Enable unaligned access in early ASM code (bnc#1012382). - arm64: Add helper to decode register from instruction (bsc#1126040). - arm64: debug: Do not propagate UNKNOWN FAR into si_code for debug signals (bnc#1012382). - arm64: debug: Ensure debug handlers check triggering exception level (bnc#1012382). - arm64: fix COMPAT_SHMLBA definition for large pages (bnc#1012382). - arm64: Fix NUMA build error when !CONFIG_ACPI (fate#319981, git-fixes). - arm64: Fix NUMA build error when !CONFIG_ACPI (git-fixes). - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (bnc#1012382). - arm64: futex: Restore oldval initialization to work around buggy compilers (bnc#1012382). - arm64: hide __efistub_ aliases from kallsyms (bnc#1012382). - arm64: kconfig: drop CONFIG_RTC_LIB dependency (bnc#1012382). - arm64/kernel: do not ban ADRP to work around Cortex-A53 erratum #843419 (bsc#1126040). - arm64/kernel: fix incorrect EL0 check in inv_entry macro (bnc#1012382). - arm64/kernel: rename module_emit_adrp_veneer->module_emit_veneer_for_adrp (bsc#1126040). - arm64: mm: Add trace_irqflags annotations to do_debug_exception() (bnc#1012382). - arm64: module: do not BUG when exceeding preallocated PLT count (bsc#1126040). - arm64: module-plts: factor out PLT generation code for ftrace (bsc#1126040). - arm64: module: split core and init PLT sections (bsc#1126040). - arm64: Relax GIC version check during early boot (bnc#1012382). - arm64: support keyctl() system call in 32-bit mode (bnc#1012382). - arm64: traps: disable irq in die() (bnc#1012382). - arm: 8458/1: bL_switcher: add GIC dependency (bnc#1012382). - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor (bnc#1012382). - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies (bnc#1012382). - arm: 8824/1: fix a migrating irq bug when hotplug cpu (bnc#1012382). - arm: 8833/1: Ensure that NEON code always compiles with Clang (bnc#1012382). - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t (bnc#1012382). - arm: 8840/1: use a raw_spinlock_t in unwind (bnc#1012382). - arm: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012382). - arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382). - arm: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU (bnc#1012382). - arm: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 (bnc#1012382). - arm: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012382). - arm: OMAP2+: Variable 'reg' in function omap4_dsi_mux_pads() could be uninitialized (bnc#1012382). - arm: pxa: ssp: unneeded to free devm_ allocated data (bnc#1012382). - arm: s3c24xx: Fix boolean expressions in osiris_dvs_notify (bnc#1012382). - arm: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms (bnc#1012382). - ASoC: dapm: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe (bnc#1012382). - ASoC: fsl_esai: fix channel swap issue when stream starts (bnc#1012382). - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bnc#1012382). - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bnc#1012382). - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bnc#1012382). - ASoC: topology: free created components in tplg load error (bnc#1012382). - assoc_array: Fix shortcut creation (bnc#1012382). - ath10k: avoid possible string overflow (bnc#1012382). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1087092). - atm: he: fix sign-extension overflow on large shift (bnc#1012382). - autofs: drop dentry reference only when it is never used (bnc#1012382). - autofs: fix error return in autofs_fill_super() (bnc#1012382). - batman-adv: Avoid endless loop in bat-on-bat netdevice check (git-fixes). - batman-adv: Fix lockdep annotation of batadv_tlv_container_remove (git-fixes). - batman-adv: fix uninit-value in batadv_interface_tx() (bnc#1012382). - batman-adv: Only put gw_node list reference when removed (git-fixes). - batman-adv: Only put orig_node_vlan list reference when removed (git-fixes). - bcache: account size of buckets used in uuid write to ca->meta_sectors_written (bsc#1130972). - bcache: add a comment in super.c (bsc#1130972). - bcache: add code comments for bset.c (bsc#1130972). - bcache: add comment for cache_set->fill_iter (bsc#1130972). - bcache: add identifier names to arguments of function definitions (bsc#1130972). - bcache: add missing SPDX header (bsc#1130972). - bcache: add MODULE_DESCRIPTION information (bsc#1130972). - bcache: add separate workqueue for journal_write to avoid deadlock (bsc#1130972). - bcache: add static const prefix to char * array declarations (bsc#1130972). - bcache: add sysfs_strtoul_bool() for setting bit-field variables (bsc#1130972). - bcache: add the missing comments for smp_mb()/smp_wmb() (bsc#1130972). - bcache: cannot set writeback_running via sysfs if no writeback kthread created (bsc#1130972). - bcache: comment on direct access to bvec table (bsc#1130972). - bcache: correct dirty data statistics (bsc#1130972). - bcache: do not assign in if condition in bcache_device_init() (bsc#1130972). - bcache: do not assign in if condition in bcache_init() (bsc#1130972). - bcache: do not assign in if condition register_bcache() (bsc#1130972). - bcache: do not check if debug dentry is ERR or NULL explicitly on remove (bsc#1130972). - bcache: do not check NULL pointer before calling kmem_cache_destroy (bsc#1130972). - bcache: do not clone bio in bch_data_verify (bsc#1130972). - bcache: do not mark writeback_running too early (bsc#1130972). - bcache: export backing_dev_name via sysfs (bsc#1130972). - bcache: export backing_dev_uuid via sysfs (bsc#1130972). - bcache: fix code comments style (bsc#1130972). - bcache: fix indentation issue, remove tabs on a hunk of code (bsc#1130972). - bcache: fix indent by replacing blank by tabs (bsc#1130972). - bcache: fix input integer overflow of congested threshold (bsc#1130972). - bcache: fix input overflow to cache set sysfs file io_error_halflife (bnc#1012382). - bcache: fix input overflow to journal_delay_ms (bsc#1130972). - bcache: fix input overflow to sequential_cutoff (bnc#1012382). - bcache: fix input overflow to writeback_delay (bsc#1130972). - bcache: fix input overflow to writeback_rate_minimum (bsc#1130972). - bcache: fix ioctl in flash device (bsc#1130972). - bcache: fix mistaken code comments in bcache.h (bsc#1130972). - bcache: fix mistaken comments in request.c (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_i_term_inverse (bsc#1130972). - bcache: fix potential div-zero error of writeback_rate_p_term_inverse (bsc#1130972). - bcache: fix typo in code comments of closure_return_with_destructor() (bsc#1130972). - bcache: fix typo 'succesfully' to 'successfully' (bsc#1130972). - bcache: improve sysfs_strtoul_clamp() (bnc#1012382). - bcache: introduce force_wake_up_gc() (bsc#1130972). - bcache: make cutoff_writeback and cutoff_writeback_sync tunable (bsc#1130972). - bcache: Move couple of functions to sysfs.c (bsc#1130972). - bcache: Move couple of string arrays to sysfs.c (bsc#1130972). - bcache: move open brace at end of function definitions to next line (bsc#1130972). - bcache: never writeback a discard operation (bsc#1130972). - bcache: not use hard coded memset size in bch_cache_accounting_clear() (bsc#1130972). - bcache: option to automatically run gc thread after writeback (bsc#1130972). - bcache: panic fix for making cache device (bsc#1130972). - bcache: Populate writeback_rate_minimum attribute (bsc#1130972). - bcache: prefer 'help' in Kconfig (bsc#1130972). - bcache: print number of keys in trace_bcache_journal_write (bsc#1130972). - bcache: recal cached_dev_sectors on detach (bsc#1130972). - bcache: remove unnecessary space before ioctl function pointer arguments (bsc#1130972). - bcache: remove unused bch_passthrough_cache (bsc#1130972). - bcache: remove useless parameter of bch_debug_init() (bsc#1130972). - bcache: replace hard coded number with BUCKET_GC_GEN_MAX (bsc#1130972). - bcache: replace '%pF' by '%pS' in seq_printf() (bsc#1130972). - bcache: replace printk() by pr_*() routines (bsc#1130972). - bcache: replace Symbolic permissions by octal permission numbers (bsc#1130972). - bcache: set writeback_percent in a flexible range (bsc#1130972). - bcache: split combined if-condition code into separate ones (bsc#1130972). - bcache: stop using the deprecated get_seconds() (bsc#1130972). - bcache: style fixes for lines over 80 characters (bsc#1130972). - bcache: style fix to add a blank line after declarations (bsc#1130972). - bcache: style fix to replace 'unsigned' by 'unsigned int' (bsc#1130972). - bcache: trace missed reading by cache_missed (bsc#1130972). - bcache: treat stale && dirty keys as bad keys (bsc#1130972). - bcache: trivial - remove tailing backslash in macro BTREE_FLAG (bsc#1130972). - bcache: update comment for bch_data_insert (bsc#1130972). - bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set (bsc#1130972). - bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata (bsc#1130972). - bcache: use REQ_PRIO to indicate bio for metadata (bsc#1130972). - bcache: use routines from lib/crc64.c for CRC64 calculation (bsc#1130972). - bcache: use sysfs_strtoul_bool() to set bit-field variables (bsc#1130972). - bcache: writeback: properly order backing device IO (bsc#1130972). - binfmt_elf: switch to new creds when switching to new mm (bnc#1012382). - block: check_events: do not bother with events if unsupported (bsc#1110946). - block: disk_events: introduce event flags (bsc#1110946). - block: do not leak memory in bio_copy_user_iov() (bnc#1012382). - bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012382). - bluetooth: Fix decrementing reference count twice in releasing socket (bnc#1012382). - bnxt_en: Drop oversize TX packets to prevent errors (bnc#1012382). - bonding: fix event handling for stacked bonds (bnc#1012382). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (git-fixes). - btrfs: Do not panic when we can't find a root key (bsc#1112063). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (pending fix for bsc#1063638). - btrfs: fix corruption reading shared and compressed extents after hole punching (bnc#1012382). - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638). - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638). - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638). - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638). - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted (bsc#1063638 dependency). - btrfs: qgroup: Move reserved data accounting from btrfs_delayed_ref_head to btrfs_qgroup_extent_record (bsc#1134162). - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638). - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638). - btrfs: qgroup: Remove duplicated trace points for qgroup_rsv_add/release (bsc#1134160). - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326). - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638). - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012382). - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638). - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1134651). - btrfs: remove WARN_ON in log_dir_items (bnc#1012382). - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1129770). - cdrom: Fix race condition in cdrom_sysctl_register (bnc#1012382). - ceph: ensure d_name stability in ceph_dentry_hash() (bsc#1134564). - ceph: fix ci->i_head_snapc leak (bsc#1122776). - ceph: fix use-after-free on symlink traversal (bsc#1134565). - ceph: only use d_name directly when parent is locked (bsc#1134566). - cfg80211: extend range deviation for DMG (bnc#1012382). - cfg80211: size various nl80211 messages correctly (bnc#1012382). - cifs: fallback to older infolevels on findfirst queryinfo retry (bnc#1012382). - cifs: fix computation for MAX_SMB2_HDR_SIZE (bnc#1012382). - cifs: Fix NULL pointer dereference of devname (bnc#1012382). - cifs: fix POSIX lock leak and invalid ptr deref (bsc#1114542). - cifs: Fix read after write for files with read caching (bnc#1012382). - cifs: use correct format characters (bnc#1012382). - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bnc#1012382). - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bnc#1012382). - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bnc#1012382). - cls_bpf: reset class and reuse major in da (git-fixes). - coresight: coresight_unregister() function cleanup (bnc#1012382). - coresight: 'DEVICE_ATTR_RO' should defined as static (bnc#1012382). - coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012382). - coresight: etm4x: Check every parameter used by dma_xx_coherent (bnc#1012382). - coresight: fixing lockdep error (bnc#1012382). - coresight: release reference taken by 'bus_find_device()' (bnc#1012382). - coresight: remove csdev's link from topology (bnc#1012382). - coresight: removing bind/unbind options from sysfs (bnc#1012382). - cpufreq: pxa2xx: remove incorrect __init annotation (bnc#1012382). - cpufreq: tegra124: add missing of_node_put() (bnc#1012382). - cpufreq: Use struct kobj_attribute instead of struct global_attr (bnc#1012382). - cpu/hotplug: Handle unbalanced hotplug enable/disable (bnc#1012382). - cpu/speculation: Add 'mitigations=' cmdline option (bsc#1112178). - crypto: ahash - fix another early termination in hash walk (bnc#1012382). - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bnc#1012382). - crypto: caam - fixed handling of sg list (bnc#1012382). - crypto: crypto4xx - properly set IV after de- and encrypt (bnc#1012382). - crypto: pcbc - remove bogus memcpy()s with src == dest (bnc#1012382). - crypto: qat - remove unused and redundant pointer vf_info (bsc#1085539). - crypto: sha256/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: sha512/arm - fix crash bug in Thumb2 build (bnc#1012382). - crypto: tgr192 - fix unaligned memory access (bsc#1129770). - crypto: x86/poly1305 - fix overflow during partial reduction (bnc#1012382). - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1129770). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012382). - device_cgroup: fix RCU imbalance in error case (bnc#1012382). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012382). - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bnc#1012382). - dmaengine: dmatest: Abort test in case of mapping error (bnc#1012382). - dmaengine: imx-dma: fix warning comparison of distinct pointer types (bnc#1012382). - dmaengine: tegra: avoid overflow of byte tracking (bnc#1012382). - dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit (bnc#1012382). - dm: disable DISCARD if the underlying storage no longer supports it (bsc#1114638). - dm: fix to_sector() for 32bit (bnc#1012382). - dm thin: add sanity checks to thin-pool and external snapshot creation (bnc#1012382). - Drivers: hv: vmbus: Fix bugs in rescind handling (bsc#1130567). - Drivers: hv: vmbus: Fix ring buffer signaling (bsc#1118506). - Drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1130567). - Drivers: hv: vmbus: Offload the handling of channels to two workqueues (bsc#1130567). - Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1130567). - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers (bnc#1012382). - drm/fb-helper: dpms_legacy(): Only set on connectors in use (bnc#1106929) - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929) - drm/msm: Unblock writer if reader closes file (bnc#1012382). - drm/ttm: Remove warning about inconsistent mapping information (bnc#1131488) - drm/vc4: Account for interrupts in flight (bsc#1106929) - drm/vc4: Allocate the right amount of space for boot-time CRTC state. (bsc#1106929) - drm/vc4: fix a bounds check (bsc#1106929) - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() (bsc#1106929) - drm/vc4: Fix compilation error reported by kbuild test bot (bsc#1106929) - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929) - drm/vc4: Fix memory leak of the CRTC state. (bsc#1106929) - drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state() (bsc#1106929) - drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. (bsc#1106929) - drm/vc4: Fix oops when userspace hands in a bad BO. (bsc#1106929) - drm/vc4: Fix overflow mem unreferencing when the binner runs dry. (bsc#1106929) - drm/vc4: Fix races when the CS reads from render targets. (bsc#1106929) - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929) - drm/vc4: Fix the 'no scaling' case on multi-planar YUV formats (bsc#1106929) - drm/vc4: Flush the caches before the bin jobs, as well. (bsc#1106929) - drm/vc4: Free hang state before destroying BO cache. (bsc#1106929) - drm/vc4: Move IRQ enable to PM path (bsc#1106929) - drm/vc4: Reset ->(x, y)_scaling[1] when dealing with uniplanar (bsc#1106929) - drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1106929) - drm/vc4: Use drm_free_large() on handles to match its allocation. (bsc#1106929) - drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1106929) - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1106929) - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 ). - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293 fate#326719). - e1000e: Add Support for CannonLake (bsc#1108293). - e1000e: Add Support for CannonLake (bsc#1108293 fate#326719). - e1000e: Fix -Wformat-truncation warnings (bnc#1012382). - e1000e: Initial Support for CannonLake (bsc#1108293 ). - e1000e: Initial Support for CannonLake (bsc#1108293 fate#326719). - efi: stub: define DISABLE_BRANCH_PROFILING for all architectures (bnc#1012382). - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bnc#1012382). - ext2: Fix underflow in ext2_max_size() (bnc#1012382). - ext4: add missing brelse() in add_new_gdb_meta_bg() (bnc#1012382). - ext4: Avoid panic during forced reboot (bsc#1126356). - ext4: brelse all indirect buffer in ext4_ind_remove_space() (bnc#1012382). - ext4: cleanup bh release code in ext4_ind_remove_space() (bnc#1012382). - ext4: fix data corruption caused by unaligned direct AIO (bnc#1012382). - ext4: fix NULL pointer dereference while journal is aborted (bnc#1012382). - ext4: prohibit fstrim in norecovery mode (bnc#1012382). - ext4: report real fs size after failed resize (bnc#1012382). - extcon: usb-gpio: Do not miss event during suspend/resume (bnc#1012382). - f2fs: do not use mutex lock in atomic context (bnc#1012382). - f2fs: fix to do sanity check with current segment number (bnc#1012382). - fbdev: fbmem: fix memory access if logo is bigger than the screen (bnc#1012382). - firmware: dmi: Optimize dmi_matches (git-fixes). - fix incorrect error code mapping for OBJECTID_NOT_FOUND (bnc#1012382). - floppy: check_events callback should not return a negative number (git-fixes). - flow_dissector: Check for IP fragmentation even if not using IPv4 address (git-fixes). - fs/9p: use fscache mutex rather than spinlock (bnc#1012382). - fs/file.c: initialize init_files.resize_wait (bnc#1012382). - fs: fix guard_bio_eod to check for real EOD errors (bnc#1012382). - fs/nfs: Fix nfs_parse_devname to not modify it's argument (git-fixes). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012382). - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (git-fixes). - fuse: fix possibly missed wake-up after abort (git-fixes). - futex: Ensure that futex address is aligned in handle_futex_death() (bnc#1012382). - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (git-fixes). - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() (bnc#1012382). - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() (bnc#1012382). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012382). - gpio: gpio-omap: fix level interrupt idling (bnc#1012382). - gpio: vf610: Mask all GPIO interrupts (bnc#1012382). - gro_cells: make sure device is up in gro_cells_receive() (bnc#1012382). - h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- (bnc#1012382). - hid-sensor-hub.c: fix wrong do_div() usage (bnc#1012382). - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (bsc#1129770). - hugetlbfs: fix races and page leaks during migration (bnc#1012382). - hv_netvsc: Fix napi reschedule while receive completion is busy (bsc#1118506). - hv_netvsc: fix race in napi poll when rescheduling (bsc#1118506). - hv_netvsc: Fix the return status in RX path (bsc#1118506). - hv_netvsc: use napi_schedule_irqoff (bsc#1118506). - hv: v4.12 API for hyperv-iommu (bsc#1122822). - hv: v4.12 API for hyperv-iommu (fate#327171, bsc#1122822). - hwrng: virtio - Avoid repeated init of completion (bnc#1012382). - i2c: cadence: Fix the hold bit setting (bnc#1012382). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012382). - i2c: tegra: fix maximum transfer size (bnc#1012382). - IB/(hfi1, qib): Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bnc#1012382). - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bnc#1012382). - IB/mlx4: Increase the timeout for CM cache (bnc#1012382). - ibmvnic: Enable GRO (bsc#1132227). - ibmvnic: Fix completion structure initialization (bsc#1131659). - ibmvnic: Fix netdev feature clobbering during a reset (bsc#1132227). - iio: adc: at91: disable adc channel interrupt in timeout case (bnc#1012382). - iio: ad_sigma_delta: select channel when reading register (bnc#1012382). - iio/gyro/bmg160: Use millidegrees for temperature scale (bnc#1012382). - Include ACPI button driver in base kernel (bsc#1062056). - include/linux/bitrev.h: fix constant bitrev (bnc#1012382). - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro (bnc#1012382). - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bnc#1012382). - Input: matrix_keypad - use flush_delayed_work() (bnc#1012382). - Input: st-keyscan - fix potential zalloc NULL dereference (bnc#1012382). - Input: wacom_serial4 - add support for Wacom ArtPad II tablet (bnc#1012382). - intel_th: Do not reference unassigned outputs (bnc#1012382). - intel_th: gth: Fix an off-by-one in output unassigning (git-fixes). - io: accel: kxcjk1013: restore the range after resume (bnc#1012382). - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130345). - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130346). - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425). - iommu/amd: Set exclusion range correctly (bsc#1130425). - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (bsc#1122822). - iommu/hyper-v: Add Hyper-V stub IOMMU driver (fate#327171, bsc#1122822). - iommu/vt-d: Check capability before disabling protected memory (bsc#1130347). - iommu/vt-d: Do not request page request irq under dmar_global_lock (bsc#1135013). - iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU (bsc#1135014). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bsc#1135015). - ip6: fix PMTU discovery when using /127 subnets (git-fixes). - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (bnc#1012382). - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012382). - ip_tunnel: fix ip tunnel lookup in collect_md mode (git-fixes). - ipv4: add sanity checks in ipv4_link_failure() (git-fixes). - ipv4: ensure rcu_read_lock() in ipv4_link_failure() (bnc#1012382). - ipv4: recompile ip options in ipv4_link_failure (bnc#1012382). - ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012382). - ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012382). - ipvlan: disallow userns cap_net_admin to change global mode/flags (bnc#1012382). - ipvs: Fix signed integer overflow when setsockopt timeout (bnc#1012382). - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bnc#1012382). - iscsi_ibft: Fix missing break in switch statement (bnc#1012382). - isdn: avm: Fix string plus integer warning from Clang (bnc#1012382). - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bnc#1012382). - isdn: isdn_tty: fix build warning of strncpy (bnc#1012382). - It's wrong to add len to sector_nr in raid10 reshape twice (bnc#1012382). - iwlwifi: dbg: do not crash if the firmware crashes in the middle of a debug dump (bsc#1119086). - jbd2: clear dirty flag when revoking a buffer from an older transaction (bnc#1012382). - jbd2: fix compile warning when using JBUFFER_TRACE (bnc#1012382). - kabi: arm64: fix kabi breakage on arch specific module (bsc#1126040) - kabi fixup gendisk disk_devt revert (bsc#1020989). - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012382). - kbuild: setlocalversion: print error to STDERR (bnc#1012382). - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv (bnc#1012382). - kernel/sysctl.c: fix out-of-bounds access when setting file-max (bnc#1012382). - keys: allow reaching the keys quotas exactly (bnc#1012382). - keys: always initialize keyring_index_key::desc_len (bnc#1012382). - keys: restrict /proc/keys by credentials at open time (bnc#1012382). - keys: user: Align the payload buffer (bnc#1012382). - kprobes: Fix error check when reusing optimized probes (bnc#1012382). - kprobes: Mark ftrace mcount handler functions nokprobe (bnc#1012382). - kprobes: Prohibit probing on bsearch() (bnc#1012382). - kvm: Call kvm_arch_memslots_updated() before updating memslots (bsc#1132634). - kvm: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (bnc#1012382). - kvm: nVMX: Apply addr size mask to effective address for VMX instructions (bsc#1132635). - kvm: nVMX: Ignore limit checks on VMX instructions using flat segments (bnc#1012382). - kvm: nVMX: Sign extend displacements of VMX instr's mem operands (bnc#1012382). - kvm: Reject device ioctls from processes other than the VM's creator (bnc#1012382). - kvm: VMX: Compare only a single byte for VMCS' 'launched' in vCPU-run (bsc#1132636). - kvm: VMX: Zero out *all* general purpose registers after VM-Exit (bsc#1132637). - kvm: x86: Do not clear EFER during SMM transitions for 32-bit vCPU (bnc#1012382). - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bsc#1132534). - kvm: X86: Fix residual mmio emulation request to userspace (bnc#1012382). - kvm: x86/mmu: Do not cache MMIO accesses while memslots are in flux (bsc#1132638). - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes). - leds: lp5523: fix a missing check of return value of lp55xx_read (bnc#1012382). - leds: lp55xx: fix null deref on firmware load failure (bnc#1012382). - lib: add crc64 calculation routines (bsc#1130972). - lib/div64.c: off by one in shift (bnc#1012382). - lib: do not depend on linux headers being installed (bsc#1130972). - libertas: call into generic suspend code before turning off power (bsc#1106110). - libertas: fix suspend and resume for SDIO connected cards (bsc#1106110). - lib/int_sqrt: optimize initial value compute (bnc#1012382). - lib/int_sqrt: optimize small argument (bnc#1012382). - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1131857). - lib/string.c: implement a basic bcmp (bnc#1012382). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bnc#1012382). - locking/static_keys: Improve uninitialized key warning (bsc#1106913). - lpfc: validate command in lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138). - m68k: Add -ffreestanding to CFLAGS (bnc#1012382). - mac80211: do not call driver wake_tx_queue op during reconfig (bnc#1012382). - mac80211: do not initiate TDLS connection if station is not associated to AP (bnc#1012382). - mac80211: fix miscounting of ttl-dropped frames (bnc#1012382). - mac80211: fix 'warning: target metric may be used uninitialized' (bnc#1012382). - mac80211_hwsim: propagate genlmsg_reply return code (bnc#1012382). - mac8390: Fix mmio access size probe (bnc#1012382). - md: Fix failed allocation of md_register_thread (bnc#1012382). - mdio_bus: Fix use-after-free on device_register fails (bnc#1012382 git-fixes). - md/raid1: do not clear bitmap bits on interrupted recovery (git-fixes). - md: use mddev_suspend/resume instead of ->quiesce() (bsc#1132212). - media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1100132). - media: mt9m111: set initial frame size other than 0x0 (bnc#1012382). - media: mx2_emmaprp: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: s5p-g2d: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bnc#1012382). - media: s5p-jpeg: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: sh_veu: Correct return type for mem2mem buffer helpers (bnc#1012382). - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bnc#1012382). - media: uvcvideo: Fix 'type' check leading to overflow (bnc#1012382). - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1119086). - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382). - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1120902). - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() (bnc#1012382). - media: vivid: potential integer overflow in vidioc_g_edid() (bsc#11001132). - mfd: ab8500-core: Return zero in get_register_interruptible() (bnc#1012382). - mfd: db8500-prcmu: Fix some section annotations (bnc#1012382). - mfd: mc13xxx: Fix a missing check of a register-read failure (bnc#1012382). - mfd: qcom_rpm: write fw_version to CTRL_REG (bnc#1012382). - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bnc#1012382). - mfd: twl-core: Fix section annotations on (,un)protect_pm_master (bnc#1012382). - mfd: wm5110: Add missing ASRC rate register (bnc#1012382). - mips: ath79: Enable OF serial ports in the default config (bnc#1012382). - mips: Fix kernel crash for R6 in jump label branch function (bnc#1012382). - mips: irq: Allocate accurate order pages for irq stack (bnc#1012382). - mips: jazz: fix 64bit build (bnc#1012382). - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to 'cascade' irqaction (bnc#1012382). - mips: Remove function size check in get_frame_info() (bnc#1012382). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012382). - missing barriers in some of unix_sock ->addr and ->path accesses (bnc#1012382). - mmc: bcm2835: reset host on timeout (bsc#1070872). - mmc: block: Allow more than 8 partitions per card (bnc#1012382). - mmc: core: fix using wrong io voltage if mmc_select_hs200 fails (bnc#1012382). - mmc: core: shut up 'voltage-ranges unspecified' pr_info() (bnc#1012382). - mmc: davinci: remove extraneous __init annotation (bnc#1012382). - mmc: debugfs: Add a restriction to mmc debugfs clock setting (bnc#1012382). - mm/cma.c: cma_declare_contiguous: correct err handling (bnc#1012382). - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382). - mmc: mmc: fix switch timeout issue caused by jiffies precision (bnc#1012382). - mmc: omap: fix the maximum timeout setting (bnc#1012382). - mmc: pwrseq_simple: Make reset-gpios optional to match doc (bnc#1012382). - mmc: pxamci: fix enum type confusion (bnc#1012382). - mmc: sanitize 'bus width' in debug output (bnc#1012382). - mmc: spi: Fix card detection during probe (bnc#1012382). - mmc: tmio_mmc_core: do not claim spurious interrupts (bnc#1012382). - mm/debug.c: fix __dump_page when mapping->host is not set (bsc#1131934). - mm, memory_hotplug: fix off-by-one in is_pageblock_removable (git-fixes). - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone (bnc#1012382). - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone (bnc#1012382). - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012382). - mm: move is_pageblock_removable_nolock() to mm/memory_hotplug.c (git-fixes prerequisity). - mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012382). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bsc#1131935) - mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON (bnc#1012382). - mm/slab.c: kmemleak no scan alien caches (bnc#1012382). - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012382). - mm/vmalloc: fix size check for remap_vmalloc_range_partial() (bnc#1012382). - mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382). - modpost: file2alias: check prototype of handler (bnc#1012382). - modpost: file2alias: go back to simple devtable lookup (bnc#1012382). - move power_up_on_resume flag to end of structure for kABI (bsc#1106110). - mt7601u: bump supported EEPROM version (bnc#1012382). - mtd: Fix comparison in map_word_andequal() (git-fixes). - mwifiex: pcie: tighten a check in mwifiex_pcie_process_event_ready() (bsc#1100132). - ncpfs: fix build warning of strncpy (bnc#1012382). - net: add description for len argument of dev_get_phys_port_name (git-fixes). - net: Add __icmp_send helper (bnc#1012382). - net: altera_tse: fix connect_local_phy error path (bnc#1012382). - net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (bnc#1012382). - net: atm: Fix potential Spectre v1 vulnerabilities (bnc#1012382). - net: avoid use IPCB in cipso_v4_error (bnc#1012382). - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier (bnc#1012382). - net: diag: support v4mapped sockets in inet_diag_find_one_icsk() (bnc#1012382). - net: do not decrement kobj reference count on init failure (git-fixes). - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382). - net: ena: fix race between link up and device initalization (bsc#1129278). - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129278). - net: ethtool: not call vzalloc for zero sized memory request (bnc#1012382). - netfilter: ipt_CLUSTERIP: fix use-after-free of proc entry (git-fixes). - netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options (bnc#1012382). - netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters (bnc#1012382). - netfilter: nfnetlink_log: just returns error for unknown command (bnc#1012382). - netfilter: nfnetlink: use original skbuff when acking batches (git-fixes). - netfilter: physdev: relax br_netfilter dependency (bnc#1012382). - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (bnc#1012382). - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv (bnc#1012382). - net: hns: Fix use after free identified by SLUB debug (bnc#1012382). - net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (bnc#1012382). - net: hsr: fix memory leak in hsr_dev_finalize() (bnc#1012382). - net/hsr: fix possible crash in add_timer() (bnc#1012382). - net/ibmvnic: Update carrier state after link state change (bsc#1135100). - net/ibmvnic: Update MAC address settings after adapter reset (bsc#1134760). - netlabel: fix out-of-bounds memory accesses (bnc#1012382). - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (bnc#1012382). - net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (bnc#1012382). - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails (bnc#1012382). - netns: provide pure entropy for net_hash_mix() (bnc#1012382). - net/packet: fix 4gb buffer limit due to overflow check (bnc#1012382). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012382). - net: phy: Micrel KSZ8061: link failure after cable connect (bnc#1012382). - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() (bnc#1012382). - net: rose: fix a possible stack overflow (bnc#1012382). - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 (bnc#1012382). - net: set static variable an initial value in atl2_probe() (bnc#1012382). - net: sit: fix UBSAN Undefined behaviour in check_6rd (bnc#1012382). - net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() (bnc#1012382). - net-sysfs: call dev_hold if kobject_init_and_add success (git-fixes). - net-sysfs: Fix mem leak in netdev_register_kobject (bnc#1012382). - net: systemport: Fix reception of BPDUs (bnc#1012382). - net: tcp_memcontrol: properly detect ancestor socket pressure (git-fixes). - net/x25: fix a race in x25_bind() (bnc#1012382). - net/x25: fix use-after-free in x25_device_event() (bnc#1012382). - net/x25: reset state in x25_connect() (bnc#1012382). - NFC: nci: memory leak in nci_core_conn_create() (git-fixes). - nfs41: pop some layoutget errors to application (bnc#1012382). - nfs: Add missing encode / decode sequence_maxsz to v4.2 operations (git-fixes). - nfs: clean up rest of reqs when failing to add one (git-fixes). - nfsd: fix memory corruption caused by readdir (bsc#1127445). - nfsd: fix wrong check in write_v4_end_grace() (git-fixes). - nfs: Do not recoalesce on error in nfs_pageio_complete_mirror() (git-fixes). - nfs: Fix an I/O request leakage in nfs_do_recoalesce (git-fixes). - nfs: Fix dentry revalidation on NFSv4 lookup (bsc#1132618). - nfs: Fix I/O request leakages (git-fixes). - nfs: fix mount/umount race in nlmclnt (git-fixes). - nfs: Fix NULL pointer dereference of dev_name (bnc#1012382). - nfs/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount (git-fixes). - nfsv4.x: always serialize open/close operations (bsc#1114893). - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES (bnc#1012382). - nvme-fc: resolve io failures during connect (bsc#1116803). - ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012382). - openvswitch: fix flow actions reallocation (bnc#1012382). - packets: Always register packet sk in the same order (bnc#1012382). - parport_pc: fix find_superio io compare code, should use equal test (bnc#1012382). - pci: Add function 1 DMA alias quirk for Marvell 9170 SATA controller (bnc#1012382). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822). - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (fate#327171, bsc#1122822). - pci: xilinx-nwl: Add missing of_node_put() (bsc#1100132). - perf auxtrace: Define auxtrace record alignment (bnc#1012382). - perf bench: Copy kernel files needed to build mem(cpy,set) x86_64 benchmarks (bnc#1012382). - perf/core: Restore mmap record type correctly (bnc#1012382). - perf evsel: Free evsel->counts in perf_evsel__exit() (bnc#1012382). - perf intel-pt: Fix CYC timestamp calculation after OVF (bnc#1012382). - perf intel-pt: Fix overlap calculation for padding (bnc#1012382). - perf intel-pt: Fix TSC slip (bnc#1012382). - perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops (bnc#1012382). - perf symbols: Filter out hidden symbols from labels (bnc#1012382). - perf: Synchronously free aux pages in case of allocation failure (bnc#1012382). - perf test: Fix failure of 'evsel-tp-sched' test on s390 (bnc#1012382). - perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() (bnc#1012382). - perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test (bnc#1012382). - perf tools: Handle TOPOLOGY headers with no CPU (bnc#1012382). - perf top: Fix error handling in cmd_top() (bnc#1012382). - perf/x86/amd: Add event map for AMD Family 17h (bsc#1114648). - phonet: fix building with clang (bnc#1012382). - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bnc#1012382). - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bnc#1012382). - PM / Hibernate: Call flush_icache_range() on pages restored in-place (bnc#1012382). - PM / wakeup: Rework wakeup source timer cancellation (bnc#1012382). - pNFS: Skip invalid stateids when doing a bulk destroy (git-fixes). - powerpc/32: Clear on-stack exception marker upon exception return (bnc#1012382). - powerpc/64: Call setup_barrier_nospec() from setup_arch() (bsc#1131107). - powerpc/64: Disable the speculation barrier from the command line (bsc#1131107). - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (bsc#1131107). - powerpc/64s: Add new security feature flags for count cache flush (bsc#1131107). - powerpc/64s: Add support for software count cache flush (bsc#1131107). - powerpc/83xx: Also save/restore SPRG4-7 during suspend (bnc#1012382). - powerpc: Always initialize input array when calling epapr_hypercall() (bnc#1012382). - powerpc/asm: Add a patch_site macro & helpers for patching instructions (bsc#1131107). - powerpc/fsl: Fix spectre_v2 mitigations reporting (bsc#1131107). - powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search (bsc#1131900). - powerpc/numa: document topology_updates_enabled, disable by default (bsc#1133584). - powerpc/numa: improve control of topology updates (bsc#1133584). - powerpc/perf: Fix unit_sel/cache_sel checks (bsc#1053043). - powerpc/perf: Remove l2 bus events from HW cache event array (bsc#1053043). - powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1053043, git-fixes). - powerpc/powernv/cpuidle: Init all present cpus for deep states (bsc#1066223). - powerpc/powernv: Make opal log only readable by root (bnc#1012382). - powerpc/powernv: Query firmware for count cache flush settings (bsc#1131107). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes). - powerpc/pseries: Query hypervisor for count cache flush settings (bsc#1131107). - powerpc/security: Fix spectre_v2 reporting (bsc#1131107). - powerpc/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1118338). - powerpc/tm: Add TM Unavailable Exception (bsc#1118338). - powerpc/tm: Flip the HTM switch default to disabled (bsc#1125580). - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bsc#1131587). - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038 (bsc#1131587). - powerpc/wii: properly disable use of BATs when requested (bnc#1012382). - qmi_wwan: add Olicard 600 (bnc#1012382). - ravb: Decrease TxFIFO depth of Q3 and Q2 to one (bnc#1012382). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (bnc#1012382). - RDMA/core: Do not expose unsupported counters (bsc#994770). - RDMA/srp: Rework SCSI device reset handling (bnc#1012382). - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bnc#1012382). - regulator: s2mpa01: Fix step values for some LDOs (bnc#1012382). - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bnc#1012382). - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for legacy/fringe drivers' (bsc#1110946). - Revert 'bridge: do not add port to router list when receives query with source 0.0.0.0' (bnc#1012382). - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd and ide-cd' (bsc#1110946). - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes). - Revert 'kbuild: use -Oz instead of -Os when using clang' (bnc#1012382). - Revert 'KEYS: restrict /proc/keys by credentials at open time' (kabi). - Revert 'locking/lockdep: Add debug_locks check in __lock_downgrade()' (bnc#1012382). - Revert 'mmc: block: do not use parameter prefix if built as module' (bnc#1012382). - Revert 'netns: provide pure entropy for net_hash_mix()' (kabi). - Revert 'scsi, block: fix duplicate bdi name registration crashes' (bsc#1020989). - Revert 'USB: core: only clean up what we allocated' (bnc#1012382). - Revert 'x86/kprobes: Verify stack frame on kretprobe' (kabi). - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (bnc#1012382). - rsi: fix a dereference on adapter before it has been null checked (bsc#1085539). - rsi: improve kernel thread handling to fix kernel panic (bnc#1012382). - rtc: Fix overflow when converting time64_t to rtc_time (bnc#1012382). - rtl8xxxu: Fix missing break in switch (bsc#1120902). - s390/dasd: fix panic for failed online processing (bsc#1132589). - s390/dasd: fix using offset into zero size array error (bnc#1012382). - s390: Prevent hotplug rwsem recursion (bsc#1131980). - s390/qeth: fix use-after-free in error path (bnc#1012382). - s390/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - s390/virtio: handle find on invalid queue gracefully (bnc#1012382). - sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913). - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (bnc#1012382). - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (bnc#1012382). - sched/smt: Expose sched_smt_present static key (bsc#1106913). - sched/smt: Make sched_smt_present track topology (bsc#1106913). - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git. - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (bnc#1012382). - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() (bnc#1012382). - scsi: isci: initialize shost fully before calling scsi_add_host() (bnc#1012382). - scsi: libfc: free skb when receiving invalid flogi resp (bnc#1012382). - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bnc#1012382). - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached (bnc#1012382). - scsi: megaraid_sas: return error when create DMA pool failed (bnc#1012382). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (bnc#1012382). - scsi: sd: Fix a race between closing an sd device and sd I/O (bnc#1012382). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (). - scsi: storvsc: Fix a race in sub-channel creation that can cause panic (fate#323887). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (). - scsi: storvsc: Reduce default ring buffer size to 128 Kbytes (fate#323887). - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock (bnc#1012382). - scsi: virtio_scsi: do not send sc payload with tmfs (bnc#1012382). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bnc#1012382). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bnc#1012382). - sctp: fix the transports round robin issue when init is retransmitted (git-fixes). - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012382). - sctp: initialize _pad of sockaddr_in before copying to user memory (bnc#1012382). - serial: 8250_pci: Fix number of ports for ACCES serial cards (bnc#1012382). - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bnc#1012382). - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bnc#1012382). - serial: max310x: Fix to avoid potential NULL pointer dereference (bnc#1012382). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bnc#1012382). - serial: sprd: adjust TIMEOUT to a big value (bnc#1012382). - serial: sprd: clear timeout interrupt only rather than all interrupts (bnc#1012382). - serial: uartps: console_setup() can't be placed to init section (bnc#1012382). - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() (bnc#1012382). - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bnc#1012382). - SoC: imx-sgtl5000: add missing put_device() (bnc#1012382). - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names (bnc#1012382). - soc: qcom: gsbi: Fix error handling in gsbi_probe() (bnc#1012382). - soc/tegra: fuse: Fix illegal free of IO base address (bnc#1012382). - staging: ashmem: Add missing include (bnc#1012382). - staging: ashmem: Avoid deadlock with mmap/shrink (bnc#1012382). - staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: ni_usb6501: Fix use of uninitialized mutex (bnc#1012382). - staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf (bnc#1012382). - staging: comedi: vmk80xx: Fix use of uninitialized semaphore (bnc#1012382). - staging: goldfish: audio: fix compiliation on arm (bnc#1012382). - staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT (bnc#1012382). - staging: lustre: fix buffer overflow of string buffer (bnc#1012382). - staging: rtl8188eu: avoid a null dereference on pmlmepriv (bsc#1085539). - staging: vt6655: Fix interrupt race condition on device start up (bnc#1012382). - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012382). - stm class: Do not leak the chrdev in error path (bnc#1012382). - stm class: Fix an endless loop in channel allocation (bnc#1012382). - stm class: Fix a race in unlinking (bnc#1012382). - stm class: Fix link list locking (bnc#1012382). - stm class: Fix locking in unbinding policy path (bnc#1012382). - stm class: Fix stm device initialization order (bnc#1012382). - stm class: Fix unbalanced module/device refcounting (bnc#1012382). - stm class: Fix unlocking braino in the error path (bnc#1012382). - stm class: Guard output assignment against concurrency (bnc#1012382). - stm class: Hide STM-specific options if STM is disabled (bnc#1012382). - stm class: Prevent division by zero (bnc#1012382). - stm class: Prevent user-controllable allocations (bnc#1012382). - stm class: Support devices with multiple instances (bnc#1012382). - stmmac: copy unicast mac address to MAC registers (bnc#1012382). - stop_machine: Provide stop_machine_cpuslocked() (bsc#1131980). - sunrpc: do not mark uninitialised items as VALID (bsc#1130737). - sunrpc: init xdr_stream for zero iov_len, page_len (bsc#11303356). - supported.conf: add lib/crc64 because bcache uses it - svm/avic: Fix invalidate logical APIC id entry (bsc#1132727). - svm: Fix AVIC DFR and LDR handling (bsc#1130343). - svm: Fix improper check when deactivate AVIC (bsc#1130344). - sysctl: handle overflow for file-max (bnc#1012382). - tcp/dccp: drop SYN packets if accept queue is full (bnc#1012382). - tcp/dccp: remove reqsk_put() from inet_child_forget() (git-fixes). - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382). - tcp: Ensure DCTCP reacts to losses (bnc#1012382). - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes). - tcp: tcp_grow_window() needs to respect tcp_space() (bnc#1012382). - thermal/int340x_thermal: Add additional UUIDs (bnc#1012382). - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check (bnc#1012382). - thermal/int340x_thermal: fix mode setting (bnc#1012382). - time: Introduce jiffies64_to_nsecs() (bsc#1113399). - tmpfs: fix link accounting when a tmpfile is linked in (bnc#1012382). - tmpfs: fix uninitialized return value in shmem_link (bnc#1012382). - tools lib traceevent: Fix buffer overflow in arg_eval (bnc#1012382). - tools/power turbostat: return the exit status of a command (bnc#1012382). - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1020645). - tpm: Fix the type of the return value in calc_tpm2_event_size() (bsc#1020645, git-fixes). - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bnc#1012382). - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete (bnc#1012382). - tpm: tpm-interface.c drop unused macros (bsc#1020645). - tracing: kdb: Fix ftdump to not sleep (bnc#1012382). - tty: atmel_serial: fix a potential NULL pointer dereference (bnc#1012382). - tty: increase the default flip buffer limit to 2*640K (bnc#1012382). - tty: ldisc: add sysctl to prevent autoloading of ldiscs (bnc#1012382). - tty/serial: atmel: Add is_half_duplex helper (bnc#1012382). - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012382). - uas: fix alignment of scatter/gather segments (bsc#1129770). - udf: Fix crash on IO error during truncate (bnc#1012382). - Update config files: add CONFIG_CRC64=m - usb: Add new USB LPM helpers (bsc#1129770). - usb: chipidea: Grab the (legacy) USB PHY by phandle first (bnc#1012382). - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770). - usb: core: only clean up what we allocated (bnc#1012382). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1100132). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1100132). - usb: dwc3: gadget: Fix suspend/resume during device mode (bnc#1012382). - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bnc#1012382). - usb: gadget: Add the gserial port checking in gs_start_tx() (bnc#1012382). - usb: gadget: composite: fix dereference after null check coverify warning (bnc#1012382). - usb: gadget: configfs: add mutex lock before unregister gadget (bnc#1012382). - usb: gadget: Potential NULL dereference on allocation error (bnc#1012382). - usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG (bnc#1012382). - usb: renesas_usbhs: gadget: fix unused-but-set-variable warning (bnc#1012382). - usb: serial: cp210x: add ID for Ingenico 3070 (bnc#1012382). - usb: serial: cp210x: add new device id (bnc#1012382). - usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1119086). - usb: serial: ftdi_sio: add additional NovaTech products (bnc#1012382). - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bnc#1012382). - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770). - usb: serial: option: add Olicard 600 (bnc#1012382). - usb: serial: option: add Telit ME910 ECM composition (bnc#1012382). - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770). - video: fbdev: Set pixclock = 0 in goldfishfb (bnc#1012382). - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel (bnc#1012382). - vxlan: Do not call gro_cells_destroy() before device is unregistered (bnc#1012382). - vxlan: Fix GRO cells race condition between receive and link delete (bnc#1012382). - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (bnc#1012382). - wlcore: Fix memory leak in case wl12xx_fetch_firmware failure (bnc#1012382). - wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902). - x.509: unpack RSA signatureValue field from BIT STRING (git-fixes). - x86_64: increase stack size for KASAN_EXTRA (bnc#1012382). - x86/apic: Provide apic_ack_irq() (bsc#1122822). - x86/apic: Provide apic_ack_irq() (fate#327171, bsc#1122822). - x86/build: Mark per-CPU symbols as absolute explicitly for LLD (bnc#1012382). - x86/build: Specify elf_i386 linker emulation explicitly for i386 objects (bnc#1012382). - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bnc#1012382). - x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors (bnc#1012382). - x86/hpet: Prevent potential NULL pointer dereference (bnc#1012382). - x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error (bnc#1012382). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822). - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (fate#327171, bsc#1122822). - x86/kexec: Do not setup EFI info if EFI runtime is not enabled (bnc#1012382). - x86/kprobes: Verify stack frame on kretprobe (bnc#1012382). - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114648). - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012382). - x86/speculation: Remove redundant arch_smt_update() invocation (bsc#1111331). - x86/speculation: Support 'mitigations=' cmdline option (bsc#1112178). - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114648). - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method (bsc#1133308). - x86/vdso: Drop implicit common-page-size linker flag (bnc#1012382). - x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes). - x86: vdso: Use $LD instead of $CC to link (bnc#1012382). - xen-netback: fix occasional leak of grant ref mappings under memory pressure (bnc#1012382). - xen: Prevent buffer overflow in privcmd ioctl (bnc#1012382). - xfrm_user: fix info leak in build_aevent() (git-fixes). - xfrm_user: fix info leak in xfrm_notify_sa() (git-fixes). - xhci: Do not let USB3 ports stuck in polling state prevent suspend (bsc#1047487). - xhci: Fix port resume done detection for SS ports with LPM enabled (bnc#1012382). - xtensa: fix return_address (bnc#1012382). - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382). - xtensa: SMP: fix secondary CPU initialization (bnc#1012382). - xtensa: SMP: limit number of possible CPUs by NR_CPUS (bnc#1012382). - xtensa: SMP: mark each possible CPU as present (bnc#1012382). - xtensa: smp_lx200_defconfig: fix vectors clash (bnc#1012382)." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020989" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062056" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064388" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070872" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085539" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096480" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096728" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097104" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103186" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105348" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108293" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110785" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110946" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112063" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113399" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114542" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114893" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116803" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118338" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118506" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119974" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122776" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122822" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127445" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129138" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129278" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129326" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130130" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130343" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130344" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130345" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130346" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130347" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130356" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130425" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130737" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130972" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131416" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131488" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131587" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131659" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131857" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131900" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131934" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131935" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132212" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132227" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132534" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132589" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132618" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132619" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132635" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132636" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132637" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132638" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132828" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133308" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133584" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134160" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134537" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134564" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134566" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134848" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135015" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135100" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=843419" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=994770" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/support/kb/doc/?id=7023736" ); script_set_attribute( attribute:"solution", value:"Update the affected the Linux Kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/21"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.179-99.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.179-99.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4118-1.NASL description It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 128478 published 2019-09-03 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128478 title Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4118-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(128478); script_version("1.4"); script_cvs_date("Date: 2019/10/24 11:30:51"); script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506"); script_xref(name:"USN", value:"4118-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4118-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-4.15-aws, linux-image-aws and / or linux-image-aws-hwe packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4118-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49~16.04.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1047.47")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1047.46")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0236_POLKIT.NASL description An update of the polkit package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126122 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126122 title Photon OS 1.0: Polkit PHSA-2019-1.0-0236 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0236. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126122); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2019-6133"); script_bugtraq_id(106537); script_name(english:"Photon OS 1.0: Polkit PHSA-2019-1.0-0236"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the polkit package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-236.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/04"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:polkit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"polkit-0.113-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"polkit-debuginfo-0.113-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"polkit-devel-0.113-3.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "polkit"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_ELFUTILS.NASL description An update of the elfutils package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126111 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126111 title Photon OS 3.0: Elfutils PHSA-2019-3.0-0015 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126111); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2018-18520", "CVE-2018-18521"); script_name(english:"Photon OS 3.0: Elfutils PHSA-2019-3.0-0015"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the elfutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-debuginfo-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-devel-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-devel-static-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-libelf-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-libelf-devel-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-libelf-devel-static-0.174-3.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"elfutils-libelf-lang-0.174-3.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_KEEPALIVED.NASL description An update of the keepalived package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126112 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126112 title Photon OS 3.0: Keepalived PHSA-2019-3.0-0015 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-3.0-0015. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126112); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2018-19044", "CVE-2018-19046"); script_name(english:"Photon OS 3.0: Keepalived PHSA-2019-3.0-0015"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the keepalived package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0015.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:keepalived"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", reference:"keepalived-2.0.16-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", reference:"keepalived-debuginfo-2.0.16-1.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "keepalived"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0236_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126121 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126121 title Photon OS 1.0: Linux PHSA-2019-1.0-0236 NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1212.NASL description A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 125314 published 2019-05-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125314 title Amazon Linux AMI : kernel (ALAS-2019-1212) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_MYSQL.NASL description An update of the mysql package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125398 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125398 title Photon OS 2.0: Mysql PHSA-2019-2.0-0160 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_SNAPPY.NASL description An update of the snappy package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125399 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125399 title Photon OS 2.0: Snappy PHSA-2019-2.0-0160 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_LIBARCHIVE.NASL description An update of the libarchive package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126114 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126114 title Photon OS 3.0: Libarchive PHSA-2019-3.0-0015 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4008-3.NASL description USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191) As a hardening measure, this update disables a.out support. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125768 published 2019-06-07 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125768 title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_MERCURIAL.NASL description An update of the mercurial package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125397 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125397 title Photon OS 2.0: Mercurial PHSA-2019-2.0-0160 NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1550-1.NASL description The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699, CVE-2019-10124). CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bbsc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc##1111331) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a last seen 2020-05-12 modified 2019-06-19 plugin id 126045 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126045 title SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1530-1.NASL description The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125992 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125992 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1479.NASL description The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). It was disabled by default. - CVE-2019-11811: There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397). - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537). - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125667 published 2019-06-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125667 title openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1186.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A n issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.(CVE-2019-11810)An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A flaw was found in the Linux kernel last seen 2020-05-03 modified 2020-03-11 plugin id 134387 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134387 title EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4068-1.NASL description Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126948 published 2019-07-23 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126948 title Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-raspi2, (USN-4068-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1404.NASL description The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed : - CVE-2018-16880: A flaw was found in handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125243 published 2019-05-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125243 title openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1534-1.NASL description The SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a last seen 2020-06-01 modified 2020-06-02 plugin id 125995 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125995 title SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4008-2.NASL description USN-4008-1 fixed multiple security issues in the Linux kernel. This update provides the corresponding changes to AppArmor policy for correctly operating under the Linux kernel with fixes for CVE-2019-11190. Without these changes, some profile transitions may be unintentionally denied due to missing mmap ( last seen 2020-06-01 modified 2020-06-02 plugin id 125767 published 2019-06-07 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125767 title Ubuntu 16.04 LTS : apparmor update (USN-4008-2) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-169-01.NASL description New kernel packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126031 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126031 title Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2430-1.NASL description The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699). CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188) CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a last seen 2020-05-12 modified 2019-09-24 plugin id 129284 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129284 title SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125396 published 2019-05-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125396 title Photon OS 2.0: Linux PHSA-2019-2.0-0160 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_MYSQL.NASL description An update of the mysql package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126117 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126117 title Photon OS 3.0: Mysql PHSA-2019-3.0-0015 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0236_LIBSOUP.NASL description An update of the libsoup package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126120 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126120 title Photon OS 1.0: Libsoup PHSA-2019-1.0-0236 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4685.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 125964 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125964 title Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4685) (SACK Panic) (SACK Slowness) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1612.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133) - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls.(CVE-2019-3901) - A race condition was found between between mmget_not_zero()/get_task_mm() when core dumping tasks. A local attacker is able to exploit race condition where locking of semaphore would allow an attacker to leak kernel memory to userspace.(CVE-2019-3892) - A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.(CVE-2019-11599) - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836) - A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker can crash the system if they were able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free.(CVE-2019-11810) - A flaw was found in the Linux kernel last seen 2020-03-19 modified 2019-05-30 plugin id 125564 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125564 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1612) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1536-1.NASL description The SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125997 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125997 title SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1824.NASL description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto- loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 126009 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126009 title Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1636.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.(CVE-2019-11815)A flaw was found in the Linux kernel last seen 2020-04-16 modified 2019-05-30 plugin id 125588 published 2019-05-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125588 title EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4670.NASL description Description of changes: [4.1.12-124.28.1.el7uek] - hugetlbfs: don last seen 2020-06-01 modified 2020-06-02 plugin id 125755 published 2019-06-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125755 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0236_PYTHON2.NASL description An update of the python2 package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126123 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126123 title Photon OS 1.0: Python2 PHSA-2019-1.0-0236 NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1535-1.NASL description The SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a last seen 2020-06-01 modified 2020-06-02 plugin id 125996 published 2019-06-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125996 title SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4005-1.NASL description It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125721 published 2019-06-05 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125721 title Ubuntu 19.04 : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon (USN-4005-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_GLIBC.NASL description An update of the glibc package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125393 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125393 title Photon OS 2.0: Glibc PHSA-2019-2.0-0160 NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1212.NASL description A flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 125291 published 2019-05-21 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125291 title Amazon Linux 2 : kernel (ALAS-2019-1212) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_LINUX.NASL description An update of the linux package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126115 published 2019-06-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126115 title Photon OS 3.0: Linux PHSA-2019-3.0-0015 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0160_LIBPNG.NASL description An update of the libpng package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 125395 published 2019-05-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125395 title Photon OS 2.0: Libpng PHSA-2019-2.0-0160 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0236_TAR.NASL description An update of the tar package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126124 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126124 title Photon OS 1.0: Tar PHSA-2019-1.0-0236 NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2019-0024.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don last seen 2020-06-01 modified 2020-06-02 plugin id 125754 published 2019-06-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125754 title OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_MERCURIAL.NASL description An update of the mercurial package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126116 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126116 title Photon OS 3.0: Mercurial PHSA-2019-3.0-0015 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0015_KUBERNETES.NASL description An update of the kubernetes package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126113 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126113 title Photon OS 3.0: Kubernetes PHSA-2019-3.0-0015
References
- https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8
- http://www.securityfocus.com/bid/108283
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
- https://support.f5.com/csp/article/K32019083
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- https://usn.ubuntu.com/4008-1/
- https://usn.ubuntu.com/4005-1/
- https://usn.ubuntu.com/4008-3/
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://security.netapp.com/advisory/ntap-20190719-0003/
- https://usn.ubuntu.com/4068-1/
- https://usn.ubuntu.com/4068-2/
- http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html
- https://usn.ubuntu.com/4118-1/