Vulnerabilities > CVE-2019-11884

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
linux
fedoraproject
debian
canonical
redhat
opensuse
nessus
NVD
Published: 2019-05-10
Updated: 2023-11-07

Summary

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Vulnerable Configurations

Part Description Count
OS
Linux
4098
OS
Fedoraproject
3
OS
Debian
2
OS
Canonical
3
OS
Redhat
18
OS
Opensuse
3

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1527-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843). CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125990
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125990
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1527-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(125990);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2013-4343", "CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");
  script_bugtraq_id(62360);

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to
receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-11477: A sequence of SACKs may have been crafted such that
one can trigger an integer overflow, leading to a kernel panic.
(bsc#1137586)

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which will fragment the TCP retransmission queue. An attacker may have
been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which will fragment the RACK send map. A remote attacker may be able
to further exploit the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that same TCP
connection. This would have resulted in excess resource consumption
due to low mss values.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bnc#1136424)

CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an
unchecked kstrdup of fwstr, which might allow an attacker to cause a
denial of service (NULL pointer dereference and system crash).
(bnc#1136586)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may be possible, as
demonstrated by latency differences in accessing public files from an
Apache HTTP Server. (bnc#1120843).

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might allow
local users to obtain sensitive information by reading uninitialized
data in the filesystem. (bnc#1135281)

CVE-2018-7191: In the tun subsystem in the Linux kernel before
4.13.14, dev_get_valid_name is not called before register_netdevice.
This allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. This is similar to CVE-2013-4343.
(bnc#1135603)

CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
setuid programs (such as /bin/su) because install_exec_creds() is
called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
ptrace_may_access() check has a race condition when reading
/proc/pid/stat. (bnc#1131543)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c in the Linux kernel There was a race condition leading
to a use-after-free, related to net namespace cleanup. (bnc#1134537)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a HIDPCONNADD command, because a name field may not end with a '\0'
character. (bnc#1134848)

CVE-2018-17972: An issue was discovered in the proc_pid_stack function
in fs/proc/base.c in the Linux kernel It did not ensure that only root
may inspect the kernel stack of an arbitrary task, allowing a local
attacker to exploit racy stack unwinding and leak kernel task stack
contents. (bnc#1110785)

CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel has multiple race
conditions. (bnc#1133188)

The following new features were implemented: Updated the Chelsio
cxgb4vf driver with the latest upstream patches. (fate#321660)

Backported changes into e1000e kernel module to support systems using
the Intel I219-LM NIC chip. (fate#326719)

Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)

Update the QLogic/Cavium qed driver (NET). (fate#321703)

Update the QLogic/Cavium qede driver (NET). (fate#321702)

Update the Chelsio iw_cxgb4 driver with the latest upstream patches.
(fate#321661)

Update the Chelsio cxgb4 driver with the latest upstream patches.
(fate#321658)

Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)

Update the QIB driver to the latest upstream version for up-to-date
functionality and hardware support. (fate#321231)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136446"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=843419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2013-4343/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-17972/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7191/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11190/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11486/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12382/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191527-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0e04b4ee"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2019-1527=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);


sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debugsource-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-devel-4.4.180-4.31.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-azure-4.4.180-4.31.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4068-2.NASL
    descriptionUSN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04 LTS. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126949
    published2019-07-23
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126949
    titleUbuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-4068-2)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4068-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126949);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id("CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884");
  script_xref(name:"USN", value:"4068-2");

  script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-gcp vulnerabilities (USN-4068-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-4068-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 for Ubuntu 16.04
LTS.

Adam Zabrocki discovered that the Intel i915 kernel mode graphics
driver in the Linux kernel did not properly restrict mmap() ranges in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2019-11085)

It was discovered that a race condition leading to a use-after-free
existed in the Reliable Datagram Sockets (RDS) protocol implementation
in the Linux kernel. The RDS protocol is blacklisted by default in
Ubuntu. If enabled, a local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2019-11815)

It was discovered that the ext4 file system implementation in the
Linux kernel did not properly zero out memory in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2019-11833)

It was discovered that the Bluetooth Human Interface Device Protocol
(HIDP) implementation in the Linux kernel did not properly verify
strings were NULL terminated in certain situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2019-11884).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4068-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2019-11085", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4068-2");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1037-gcp", pkgver:"4.15.0-1037.39~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-generic", pkgver:"4.15.0-55.60~16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-generic-lpae", pkgver:"4.15.0-55.60~16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-55-lowlatency", pkgver:"4.15.0-55.60~16.04.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1037.51")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.15.0.55.76")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.15.0.55.76")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1037.51")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.15.0.55.76")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.15.0.55.76")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual-hwe-16.04", pkgver:"4.15.0.55.76")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-gcp / linux-image-4.15-generic / etc");
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4465.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. - CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. - CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. - CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. - CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. - CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. - CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. - CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. - CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. - CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. - CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack.
    last seen2020-06-01
    modified2020-06-02
    plugin id125959
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125959
    titleDebian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4465. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125959);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2019-10126", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11599", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489", "CVE-2019-9500", "CVE-2019-9503");
  script_xref(name:"DSA", value:"4465");

  script_name(english:"Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

  - CVE-2019-3846, CVE-2019-10126
    huangwen reported multiple buffer overflows in the
    Marvell wifi (mwifiex) driver, which a local user could
    use to cause denial of service or the execution of
    arbitrary code.

  - CVE-2019-5489
    Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael
    Schwarz, Ari Trachtenberg, Jason Hennessey, Alex
    Ionescu, and Anders Fogh discovered that local users
    could use the mincore() system call to obtain sensitive
    information from other processes that access the same
    memory-mapped file.

  - CVE-2019-9500, CVE-2019-9503
    Hugues Anguelkov discovered a buffer overflow and
    missing access validation in the Broadcom FullMAC wifi
    driver (brcmfmac), which a attacker on the same wifi
    network could use to cause denial of service or the
    execution of arbitrary code.

  - CVE-2019-11477
    Jonathan Looney reported that a specially crafted
    sequence of TCP selective acknowledgements (SACKs)
    allows a remotely triggerable kernel panic.

  - CVE-2019-11478
    Jonathan Looney reported that a specially crafted
    sequence of TCP selective acknowledgements (SACKs) will
    fragment the TCP retransmission queue, allowing an
    attacker to cause excessive resource usage.

  - CVE-2019-11479
    Jonathan Looney reported that an attacker could force
    the Linux kernel to segment its responses into multiple
    TCP segments, each of which contains only 8 bytes of
    data, drastically increasing the bandwidth required to
    deliver the same amount of data.

  This update introduces a new sysctl value to control the minimal MSS
  (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard
  coded value of 48. We recommend raising this to 536 unless you know
  that your network requires a lower value.

  - CVE-2019-11486
    Jann Horn of Google reported numerous race conditions in
    the Siemens R3964 line discipline. A local user could
    use these to cause unspecified security impact. This
    module has therefore been disabled.

  - CVE-2019-11599
    Jann Horn of Google reported a race condition in the
    core dump implementation which could lead to a
    use-after-free. A local user could use this to read
    sensitive information, to cause a denial of service
    (memory corruption), or for privilege escalation.

  - CVE-2019-11815
    It was discovered that a use-after-free in the Reliable
    Datagram Sockets protocol could result in denial of
    service and potentially privilege escalation. This
    protocol module (rds) is not auto loaded on Debian
    systems, so this issue only affects systems where it is
    explicitly loaded.

  - CVE-2019-11833
    It was discovered that the ext4 filesystem
    implementation writes uninitialised data from kernel
    memory to new extent blocks. A local user able to write
    to an ext4 filesystem and then read the filesystem
    image, for example using a removable drive, might be
    able to use this to obtain sensitive information.

  - CVE-2019-11884
    It was discovered that the Bluetooth HIDP implementation
    did not ensure that new connection names were
    null-terminated. A local user with CAP_NET_ADMIN
    capability might be able to use this to obtain sensitive
    information from the kernel stack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-3846"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-10126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-5489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-9500"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-9503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11479"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11486"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11599"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2019-11884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/linux"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/linux"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2019/dsa-4465"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the linux packages.

For the stable distribution (stretch), these problems have been fixed
in version 4.9.168-1+deb9u3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"hyperv-daemons", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"libcpupower-dev", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"libcpupower1", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"libusbip-dev", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-arm", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-s390", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-x86", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-cpupower", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-doc-4.9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-amd64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-arm64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armel", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armhf", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-i386", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips64el", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mipsel", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-ppc64el", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-s390x", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common-rt", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x-dbg", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-kbuild-4.9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-libc-dev", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-manual-4.9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-perf-4.9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-source-4.9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"linux-support-4.9.0-9", reference:"4.9.168-1+deb9u3")) flag++;
if (deb_check(release:"9.0", prefix:"usbip", reference:"4.9.168-1+deb9u3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1532-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125993
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125993
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1532-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(125993);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to
receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-11477: A sequence of SACKs may have been crafted such that
one can trigger an integer overflow, leading to a kernel panic.

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which will fragment the TCP retransmission queue. An attacker may have
been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: An attacker could force the Linux kernel to segment
its responses into multiple TCP segments. This would drastically
increased the bandwidth required to deliver the same amount of data.
Further, it would consume additional resources such as CPU and NIC
processing power.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bnc#1136424)

CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an
unchecked kstrdup of fwstr, which might have allowed an attacker to
cause a denial of service (NULL pointer dereference and system crash).
(bnc#1136586)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may have been possible,
as demonstrated by latency differences in accessing public files from
an Apache HTTP Server. (bnc#1120843)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might have
allowed local users to obtain sensitive information by reading
uninitialized data in the filesystem. (bnc#1135281)

CVE-2018-7191: In the tun subsystem in the Linux kernel,
dev_get_valid_name was not called before register_netdevice. This
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bnc#1135603)

CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
setuid programs (such as /bin/su) because install_exec_creds() was
called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
ptrace_may_access() check had a race condition when reading
/proc/pid/stat. (bnc#1132472)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c in the Linux kernel There was a race condition leading
to a use-after-free, related to net namespace cleanup. (bnc#1134537)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a HIDPCONNADD command, because a name field may not end with a '\0'
character. (bnc#1134848)

CVE-2018-17972: An issue was discovered in the proc_pid_stack function
in fs/proc/base.c in the Linux kernel It did not ensure that only root
may inspect the kernel stack of an arbitrary task, allowing a local
attacker to exploit racy stack unwinding and leak kernel task stack
contents. (bnc#1110785)

CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel had multiple race
conditions. (bnc#1133188)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=843419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-17972/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7191/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11190/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11486/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12382/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191532-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2393585c"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
SUSE-SLE-WE-12-SP3-2019-1532=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2019-1532=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2019-1532=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
SUSE-SLE-Live-Patching-12-SP3-2019-1532=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
SUSE-SLE-HA-12-SP3-2019-1532=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2019-1532=1

SUSE CaaS Platform ALL :

To install this update, use the SUSE CaaS Platform Velum dashboard. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.

SUSE CaaS Platform 3.0 :

To install this update, use the SUSE CaaS Platform Velum dashboard. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.180-94.97.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.180-94.97.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1529-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125991
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125991
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1529-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(125991);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 15 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2019-11477: A sequence of SACKs may have been crafted such that
one can trigger an integer overflow, leading to a kernel panic.

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which will fragment the TCP retransmission queue. An attacker may have
been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: An attacker could force the Linux kernel to segment
its responses into multiple TCP segments. This would drastically
increased the bandwidth required to deliver the same amount of data.
Further, it would consume additional resources such as CPU and NIC
processing power.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bnc#1136424)

CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an
unchecked kstrdup of fwstr, which might have allowed an attacker to
cause a denial of service (NULL pointer dereference and system crash).
(bnc#1136586)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may have been possible,
as demonstrated by latency differences in accessing public files from
an Apache HTTP Server. (bnc#1120843)

CVE-2019-11487: The Linux kernel allowed page reference count
overflow, with resultant use-after-free issues, if about 140 GiB of
RAM existed. It could have occured with FUSE requests. (bnc#1133190)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might have
allowed local users to obtain sensitive information by reading
uninitialized data in the filesystem. (bnc#1135281)

CVE-2018-7191: In the tun subsystem in the Linux kernel,
dev_get_valid_name was not called before register_netdevice. This
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bnc#1135603)

CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in
i915 Graphics for Linux may have allowed an authenticated user to
potentially enable escalation of privilege via local access.
(bnc#1135278)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c in the Linux kernel There was a race condition leading
to a use-after-free, related to net namespace cleanup. (bnc#1134537)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a HIDPCONNADD command, because a name field may not end with a '\0'
character. (bnc#1134848)

CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel had multiple race
conditions. (bnc#1133188)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1058115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064802"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1066129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1075020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108193"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115688"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117158"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118139"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120091"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120423"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131326"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133176"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134199"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134200"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134936"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135007"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135008"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135309"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135312"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135314"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135330"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135758"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136432"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136881"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137151"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137444"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7191/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10124/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11085/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11486/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11487/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12382/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191529-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?364f5e0a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch
SUSE-SLE-Product-WE-15-2019-1529=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools
15:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-2019-1529=1

SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch
SUSE-SLE-Module-Live-Patching-15-2019-1529=1

SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
SUSE-SLE-Module-Legacy-15-2019-1529=1

SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
patch SUSE-SLE-Module-Development-Tools-15-2019-1529=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2019-1529=1

SUSE Linux Enterprise High Availability 15:zypper in -t patch
SUSE-SLE-Product-HA-15-2019-1529=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"reiserfs-kmp-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-syms-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-default-man-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-qa-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kselftests-kmp-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-obs-build-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-syms-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-base-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-vanilla-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-base-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debuginfo-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-debugsource-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-4.12.14-150.22.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"kernel-default-devel-debuginfo-4.12.14-150.22.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1407.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed : - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). - CVE-2018-10853: A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104). - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348 1119974). - CVE-2018-17972: An issue was discovered in the proc_pid_stack function in fs/proc/base.c that did not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents (bnc#1110785). - CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728) - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c, a race condition leading to a use-after-free was fixed, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125303
    published2019-05-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125303
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1407.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(125303);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/15");

  script_cve_id("CVE-2018-1000204", "CVE-2018-10853", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-15594", "CVE-2018-17972", "CVE-2018-5814", "CVE-2019-11091", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-9503");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");
  script_summary(english:"Check for the openSUSE-2019-1407 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 42.3 kernel was updated to 4.4.179 to receive
various security and bugfixes.

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

  - CVE-2018-12126: Microarchitectural Store Buffer Data
    Sampling (MSBDS)

  - CVE-2018-12127: Microarchitectural Fill Buffer Data
    Sampling (MFBDS)

  - CVE-2018-12130: Microarchitectural Load Port Data
    Samling (MLPDS)

  - CVE-2019-11091: Microarchitectural Data Sampling
    Uncacheable Memory (MDSUM)

This kernel update contains software mitigations for these issues,
which also utilize CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out
https://www.suse.com/support/kb/doc/?id=7023736

The following security bugs were fixed :

  - CVE-2018-5814: Multiple race condition errors when
    handling probe, disconnect, and rebind operations can be
    exploited to trigger a use-after-free condition or a
    NULL pointer dereference by sending multiple USB over IP
    packets (bnc#1096480).

  - CVE-2018-10853: A flaw was found in the way Linux kernel
    KVM hypervisor emulated instructions such as
    sgdt/sidt/fxsave/fxrstor. It did not check current
    privilege(CPL) level while emulating unprivileged
    instructions. An unprivileged guest user/process could
    use this flaw to potentially escalate privileges inside
    guest (bnc#1097104).

  - CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux
    kernel mishandled certain indirect calls, which made it
    easier for attackers to conduct Spectre-v2 attacks
    against paravirtual guests (bnc#1105348 1119974).

  - CVE-2018-17972: An issue was discovered in the
    proc_pid_stack function in fs/proc/base.c that did not
    ensure that only root may inspect the kernel stack of an
    arbitrary task, allowing a local attacker to exploit
    racy stack unwinding and leak kernel task stack contents
    (bnc#1110785).

  - CVE-2018-1000204: Prevent infoleak caused by incorrect
    handling of the SG_IO ioctl (bsc#1096728)

  - CVE-2019-11486: The Siemens R3964 line discipline driver
    in drivers/tty/n_r3964.c had multiple race conditions
    (bnc#1133188). It has been disabled.

  - CVE-2019-11815: An issue was discovered in
    rds_tcp_kill_sock in net/rds/tcp.c, a race condition
    leading to a use-after-free was fixed, related to net
    namespace cleanup (bnc#1134537).

  - CVE-2019-11884: The do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c allowed a local user to obtain
    potentially sensitive information from kernel stack
    memory via a HIDPCONNADD command, because a name field
    may not end with a '\0' character (bnc#1134848).

  - CVE-2019-3882: A flaw was found vfio interface
    implementation that permits violation of the user's
    locked memory limit. If a device is bound to a vfio
    driver, such as vfio-pci, and the local attacker is
    administratively granted ownership of the device, it may
    cause a system memory exhaustion and thus a denial of
    service (DoS). (bnc#1131416 bnc#1131427).

  - CVE-2019-9503: Multiple brcmfmac frame validation
    bypasses have been fixed (bnc#1132828).

The following non-security bugs were fixed :

  - 9p: do not trust pdu content for stat item size
    (bnc#1012382).

  - 9p locks: add mount option for lock retry interval
    (bnc#1012382).

  - 9p/net: fix memory leak in p9_client_create
    (bnc#1012382).

  - 9p: use inode->i_lock to protect i_size_write() under
    32-bit (bnc#1012382).

  - acpi: acpi_pad: Do not launch acpi_pad threads on idle
    cpus (bsc#1113399).

  - acpi / bus: Only call dmi_check_system() on X86
    (git-fixes).

  - acpi / button: make module loadable when booted in
    non-ACPI mode (bsc#1051510).

  - acpi / device_sysfs: Avoid OF modalias creation for
    removed device (bnc#1012382).

  - acpi / SBS: Fix GPE storm on recent MacBookPro's
    (bnc#1012382).

  - Add hlist_add_tail_rcu() (Merge
    git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
    (bnc#1012382).

  - alsa: bebob: use more identical mod_alias for Saffire
    Pro 10 I/O against Liquid Saffire 56 (bnc#1012382).

  - alsa: compress: add support for 32bit calls in a 64bit
    kernel (bnc#1012382).

  - alsa: compress: prevent potential divide by zero bugs
    (bnc#1012382).

  - alsa: core: Fix card races between register and
    disconnect (bnc#1012382).

  - alsa: echoaudio: add a check for ioremap_nocache
    (bnc#1012382).

  - alsa: hda - Enforces runtime_resume after S3 and S4 for
    each codec (bnc#1012382).

  - alsa: hda - Record the current power state before
    suspend/resume calls (bnc#1012382).

  - alsa: info: Fix racy addition/deletion of nodes
    (bnc#1012382).

  - alsa: opl3: fix mismatch between snd_opl3_drum_switch
    definition and declaration (bnc#1012382).

  - alsa: PCM: check if ops are defined before suspending
    PCM (bnc#1012382).

  - alsa: pcm: Do not suspend stream in unrecoverable PCM
    state (bnc#1012382).

  - alsa: pcm: Fix possible OOB access in PCM oss plugins
    (bnc#1012382).

  - alsa: rawmidi: Fix potential Spectre v1 vulnerability
    (bnc#1012382).

  - alsa: sb8: add a check for request_region (bnc#1012382).

  - alsa: seq: Fix OOB-reads from strlcpy (bnc#1012382).

  - alsa: seq: oss: Fix Spectre v1 vulnerability
    (bnc#1012382).

  - appletalk: Fix compile regression (bnc#1012382).

  - appletalk: Fix use-after-free in atalk_proc_exit
    (bnc#1012382).

  - applicom: Fix potential Spectre v1 vulnerabilities
    (bnc#1012382).

  - arc: fix __ffs return value to avoid build warnings
    (bnc#1012382).

  - arc: uacces: remove lp_start, lp_end from clobber list
    (bnc#1012382).

  - arcv2: Enable unaligned access in early ASM code
    (bnc#1012382).

  - arm64: Add helper to decode register from instruction
    (bsc#1126040).

  - arm64: debug: Do not propagate UNKNOWN FAR into si_code
    for debug signals (bnc#1012382).

  - arm64: debug: Ensure debug handlers check triggering
    exception level (bnc#1012382).

  - arm64: fix COMPAT_SHMLBA definition for large pages
    (bnc#1012382).

  - arm64: Fix NUMA build error when !CONFIG_ACPI
    (fate#319981, git-fixes).

  - arm64: Fix NUMA build error when !CONFIG_ACPI
    (git-fixes).

  - arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero
    result value (bnc#1012382).

  - arm64: futex: Restore oldval initialization to work
    around buggy compilers (bnc#1012382).

  - arm64: hide __efistub_ aliases from kallsyms
    (bnc#1012382).

  - arm64: kconfig: drop CONFIG_RTC_LIB dependency
    (bnc#1012382).

  - arm64/kernel: do not ban ADRP to work around Cortex-A53
    erratum #843419 (bsc#1126040).

  - arm64/kernel: fix incorrect EL0 check in inv_entry macro
    (bnc#1012382).

  - arm64/kernel: rename
    module_emit_adrp_veneer->module_emit_veneer_for_adrp
    (bsc#1126040).

  - arm64: mm: Add trace_irqflags annotations to
    do_debug_exception() (bnc#1012382).

  - arm64: module: do not BUG when exceeding preallocated
    PLT count (bsc#1126040).

  - arm64: module-plts: factor out PLT generation code for
    ftrace (bsc#1126040).

  - arm64: module: split core and init PLT sections
    (bsc#1126040).

  - arm64: Relax GIC version check during early boot
    (bnc#1012382).

  - arm64: support keyctl() system call in 32-bit mode
    (bnc#1012382).

  - arm64: traps: disable irq in die() (bnc#1012382).

  - arm: 8458/1: bL_switcher: add GIC dependency
    (bnc#1012382).

  - arm: 8494/1: mm: Enable PXN when running non-LPAE kernel
    on LPAE processor (bnc#1012382).

  - arm: 8510/1: rework ARM_CPU_SUSPEND dependencies
    (bnc#1012382).

  - arm: 8824/1: fix a migrating irq bug when hotplug cpu
    (bnc#1012382).

  - arm: 8833/1: Ensure that NEON code always compiles with
    Clang (bnc#1012382).

  - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t
    (bnc#1012382).

  - arm: 8840/1: use a raw_spinlock_t in unwind
    (bnc#1012382).

  - arm: avoid Cortex-A9 livelock on tight dmb loops
    (bnc#1012382).

  - arm: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012382).

  - arm: dts: exynos: Add minimal clkout parameters to
    Exynos3250 PMU (bnc#1012382).

  - arm: dts: exynos: Do not ignore real-world fuse values
    for thermal zone 0 on Exynos5420 (bnc#1012382).

  - arm: imx6q: cpuidle: fix bug that CPU might not wake up
    at expected time (bnc#1012382).

  - arm: OMAP2+: Variable 'reg' in function
    omap4_dsi_mux_pads() could be uninitialized
    (bnc#1012382).

  - arm: pxa: ssp: unneeded to free devm_ allocated data
    (bnc#1012382).

  - arm: s3c24xx: Fix boolean expressions in
    osiris_dvs_notify (bnc#1012382).

  - arm: samsung: Limit SAMSUNG_PM_CHECK config option to
    non-Exynos platforms (bnc#1012382).

  - ASoC: dapm: change snprintf to scnprintf for possible
    overflow (bnc#1012382).

  - ASoC: fsl-asoc-card: fix object reference leaks in
    fsl_asoc_card_probe (bnc#1012382).

  - ASoC: fsl_esai: fix channel swap issue when stream
    starts (bnc#1012382).

  - ASoC: fsl_esai: fix register setting issue in RIGHT_J
    mode (bnc#1012382).

  - ASoC: imx-audmux: change snprintf to scnprintf for
    possible overflow (bnc#1012382).

  - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic
    field (bnc#1012382).

  - ASoC: topology: free created components in tplg load
    error (bnc#1012382).

  - assoc_array: Fix shortcut creation (bnc#1012382).

  - ath10k: avoid possible string overflow (bnc#1012382).

  - ath9k_htc: Add a sanity check in
    ath9k_htc_ampdu_action() (bsc#1087092).

  - atm: he: fix sign-extension overflow on large shift
    (bnc#1012382).

  - autofs: drop dentry reference only when it is never used
    (bnc#1012382).

  - autofs: fix error return in autofs_fill_super()
    (bnc#1012382).

  - batman-adv: Avoid endless loop in bat-on-bat netdevice
    check (git-fixes).

  - batman-adv: Fix lockdep annotation of
    batadv_tlv_container_remove (git-fixes).

  - batman-adv: fix uninit-value in batadv_interface_tx()
    (bnc#1012382).

  - batman-adv: Only put gw_node list reference when removed
    (git-fixes).

  - batman-adv: Only put orig_node_vlan list reference when
    removed (git-fixes).

  - bcache: account size of buckets used in uuid write to
    ca->meta_sectors_written (bsc#1130972).

  - bcache: add a comment in super.c (bsc#1130972).

  - bcache: add code comments for bset.c (bsc#1130972).

  - bcache: add comment for cache_set->fill_iter
    (bsc#1130972).

  - bcache: add identifier names to arguments of function
    definitions (bsc#1130972).

  - bcache: add missing SPDX header (bsc#1130972).

  - bcache: add MODULE_DESCRIPTION information
    (bsc#1130972).

  - bcache: add separate workqueue for journal_write to
    avoid deadlock (bsc#1130972).

  - bcache: add static const prefix to char * array
    declarations (bsc#1130972).

  - bcache: add sysfs_strtoul_bool() for setting bit-field
    variables (bsc#1130972).

  - bcache: add the missing comments for smp_mb()/smp_wmb()
    (bsc#1130972).

  - bcache: cannot set writeback_running via sysfs if no
    writeback kthread created (bsc#1130972).

  - bcache: comment on direct access to bvec table
    (bsc#1130972).

  - bcache: correct dirty data statistics (bsc#1130972).

  - bcache: do not assign in if condition in
    bcache_device_init() (bsc#1130972).

  - bcache: do not assign in if condition in bcache_init()
    (bsc#1130972).

  - bcache: do not assign in if condition register_bcache()
    (bsc#1130972).

  - bcache: do not check if debug dentry is ERR or NULL
    explicitly on remove (bsc#1130972).

  - bcache: do not check NULL pointer before calling
    kmem_cache_destroy (bsc#1130972).

  - bcache: do not clone bio in bch_data_verify
    (bsc#1130972).

  - bcache: do not mark writeback_running too early
    (bsc#1130972).

  - bcache: export backing_dev_name via sysfs (bsc#1130972).

  - bcache: export backing_dev_uuid via sysfs (bsc#1130972).

  - bcache: fix code comments style (bsc#1130972).

  - bcache: fix indentation issue, remove tabs on a hunk of
    code (bsc#1130972).

  - bcache: fix indent by replacing blank by tabs
    (bsc#1130972).

  - bcache: fix input integer overflow of congested
    threshold (bsc#1130972).

  - bcache: fix input overflow to cache set sysfs file
    io_error_halflife (bnc#1012382).

  - bcache: fix input overflow to journal_delay_ms
    (bsc#1130972).

  - bcache: fix input overflow to sequential_cutoff
    (bnc#1012382).

  - bcache: fix input overflow to writeback_delay
    (bsc#1130972).

  - bcache: fix input overflow to writeback_rate_minimum
    (bsc#1130972).

  - bcache: fix ioctl in flash device (bsc#1130972).

  - bcache: fix mistaken code comments in bcache.h
    (bsc#1130972).

  - bcache: fix mistaken comments in request.c
    (bsc#1130972).

  - bcache: fix potential div-zero error of
    writeback_rate_i_term_inverse (bsc#1130972).

  - bcache: fix potential div-zero error of
    writeback_rate_p_term_inverse (bsc#1130972).

  - bcache: fix typo in code comments of
    closure_return_with_destructor() (bsc#1130972).

  - bcache: fix typo 'succesfully' to 'successfully'
    (bsc#1130972).

  - bcache: improve sysfs_strtoul_clamp() (bnc#1012382).

  - bcache: introduce force_wake_up_gc() (bsc#1130972).

  - bcache: make cutoff_writeback and cutoff_writeback_sync
    tunable (bsc#1130972).

  - bcache: Move couple of functions to sysfs.c
    (bsc#1130972).

  - bcache: Move couple of string arrays to sysfs.c
    (bsc#1130972).

  - bcache: move open brace at end of function definitions
    to next line (bsc#1130972).

  - bcache: never writeback a discard operation
    (bsc#1130972).

  - bcache: not use hard coded memset size in
    bch_cache_accounting_clear() (bsc#1130972).

  - bcache: option to automatically run gc thread after
    writeback (bsc#1130972).

  - bcache: panic fix for making cache device (bsc#1130972).

  - bcache: Populate writeback_rate_minimum attribute
    (bsc#1130972).

  - bcache: prefer 'help' in Kconfig (bsc#1130972).

  - bcache: print number of keys in
    trace_bcache_journal_write (bsc#1130972).

  - bcache: recal cached_dev_sectors on detach
    (bsc#1130972).

  - bcache: remove unnecessary space before ioctl function
    pointer arguments (bsc#1130972).

  - bcache: remove unused bch_passthrough_cache
    (bsc#1130972).

  - bcache: remove useless parameter of bch_debug_init()
    (bsc#1130972).

  - bcache: replace hard coded number with BUCKET_GC_GEN_MAX
    (bsc#1130972).

  - bcache: replace '%pF' by '%pS' in seq_printf()
    (bsc#1130972).

  - bcache: replace printk() by pr_*() routines
    (bsc#1130972).

  - bcache: replace Symbolic permissions by octal permission
    numbers (bsc#1130972).

  - bcache: set writeback_percent in a flexible range
    (bsc#1130972).

  - bcache: split combined if-condition code into separate
    ones (bsc#1130972).

  - bcache: stop using the deprecated get_seconds()
    (bsc#1130972).

  - bcache: style fixes for lines over 80 characters
    (bsc#1130972).

  - bcache: style fix to add a blank line after declarations
    (bsc#1130972).

  - bcache: style fix to replace 'unsigned' by 'unsigned
    int' (bsc#1130972).

  - bcache: trace missed reading by cache_missed
    (bsc#1130972).

  - bcache: treat stale && dirty keys as bad keys
    (bsc#1130972).

  - bcache: trivial - remove tailing backslash in macro
    BTREE_FLAG (bsc#1130972).

  - bcache: update comment for bch_data_insert
    (bsc#1130972).

  - bcache: use MAX_CACHES_PER_SET instead of magic number 8
    in __bch_bucket_alloc_set (bsc#1130972).

  - bcache: use (REQ_META|REQ_PRIO) to indicate bio for
    metadata (bsc#1130972).

  - bcache: use REQ_PRIO to indicate bio for metadata
    (bsc#1130972).

  - bcache: use routines from lib/crc64.c for CRC64
    calculation (bsc#1130972).

  - bcache: use sysfs_strtoul_bool() to set bit-field
    variables (bsc#1130972).

  - bcache: writeback: properly order backing device IO
    (bsc#1130972).

  - binfmt_elf: switch to new creds when switching to new mm
    (bnc#1012382).

  - block: check_events: do not bother with events if
    unsupported (bsc#1110946).

  - block: disk_events: introduce event flags (bsc#1110946).

  - block: do not leak memory in bio_copy_user_iov()
    (bnc#1012382).

  - bluetooth: Check L2CAP option sizes returned from
    l2cap_get_conf_opt (bnc#1012382).

  - bluetooth: Fix decrementing reference count twice in
    releasing socket (bnc#1012382).

  - bnxt_en: Drop oversize TX packets to prevent errors
    (bnc#1012382).

  - bonding: fix event handling for stacked bonds
    (bnc#1012382).

  - btrfs: Avoid possible qgroup_rsv_size overflow in
    btrfs_calculate_inode_block_rsv_size (git-fixes).

  - btrfs: Do not panic when we can't find a root key
    (bsc#1112063).

  - btrfs: Fix bound checking in
    qgroup_trace_new_subtree_blocks (pending fix for
    bsc#1063638).

  - btrfs: fix corruption reading shared and compressed
    extents after hole punching (bnc#1012382).

  - btrfs: qgroup: Cleanup old subtree swap code
    (bsc#1063638).

  - btrfs: qgroup: Do not trace subtree if we're dropping
    reloc tree (bsc#1063638).

  - btrfs: qgroup: Introduce function to find all new tree
    blocks of reloc tree (bsc#1063638).

  - btrfs: qgroup: Introduce function to trace two swaped
    extents (bsc#1063638).

  - btrfs: qgroup: Introduce per-root swapped blocks
    infrastructure (bsc#1063638).

  - btrfs: qgroup: Introduce trace event to analyse the
    number of dirty extents accounted (bsc#1063638
    dependency).

  - btrfs: qgroup: Move reserved data accounting from
    btrfs_delayed_ref_head to btrfs_qgroup_extent_record
    (bsc#1134162).

  - btrfs: qgroup: Only trace data extents in leaves if
    we're relocating data block group (bsc#1063638).

  - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap
    (bsc#1063638).

  - btrfs: qgroup: Remove duplicated trace points for
    qgroup_rsv_add/release (bsc#1134160).

  - btrfs: qgroup: Search commit root for rescan to avoid
    missing extent (bsc#1129326).

  - btrfs: qgroup: Use delayed subtree rescan for balance
    (bsc#1063638).

  - btrfs: qgroup: Use generation-aware subtree swap to mark
    dirty extents (bsc#1063638).

  - btrfs: raid56: properly unmap parity page in
    finish_parity_scrub() (bnc#1012382).

  - btrfs: relocation: Delay reloc tree deletion after
    merge_reloc_roots (bsc#1063638).

  - btrfs: reloc: Fix NULL pointer dereference due to
    expanded reloc_root lifespan (bsc#1134651).

  - btrfs: remove WARN_ON in log_dir_items (bnc#1012382).

  - cdc-wdm: pass return value of recover_from_urb_loss
    (bsc#1129770).

  - cdrom: Fix race condition in cdrom_sysctl_register
    (bnc#1012382).

  - ceph: ensure d_name stability in ceph_dentry_hash()
    (bsc#1134564).

  - ceph: fix ci->i_head_snapc leak (bsc#1122776).

  - ceph: fix use-after-free on symlink traversal
    (bsc#1134565).

  - ceph: only use d_name directly when parent is locked
    (bsc#1134566).

  - cfg80211: extend range deviation for DMG (bnc#1012382).

  - cfg80211: size various nl80211 messages correctly
    (bnc#1012382).

  - cifs: fallback to older infolevels on findfirst
    queryinfo retry (bnc#1012382).

  - cifs: fix computation for MAX_SMB2_HDR_SIZE
    (bnc#1012382).

  - cifs: Fix NULL pointer dereference of devname
    (bnc#1012382).

  - cifs: fix POSIX lock leak and invalid ptr deref
    (bsc#1114542).

  - cifs: Fix read after write for files with read caching
    (bnc#1012382).

  - cifs: use correct format characters (bnc#1012382).

  - clk: ingenic: Fix round_rate misbehaving with
    non-integer dividers (bnc#1012382).

  - clocksource/drivers/exynos_mct: Clear timer interrupt
    when shutdown (bnc#1012382).

  - clocksource/drivers/exynos_mct: Move one-shot check from
    tick clear to ISR (bnc#1012382).

  - cls_bpf: reset class and reuse major in da (git-fixes).

  - coresight: coresight_unregister() function cleanup
    (bnc#1012382).

  - coresight: 'DEVICE_ATTR_RO' should defined as static
    (bnc#1012382).

  - coresight: etm4x: Add support to enable ETMv4.2
    (bnc#1012382).

  - coresight: etm4x: Check every parameter used by
    dma_xx_coherent (bnc#1012382).

  - coresight: fixing lockdep error (bnc#1012382).

  - coresight: release reference taken by
    'bus_find_device()' (bnc#1012382).

  - coresight: remove csdev's link from topology
    (bnc#1012382).

  - coresight: removing bind/unbind options from sysfs
    (bnc#1012382).

  - cpufreq: pxa2xx: remove incorrect __init annotation
    (bnc#1012382).

  - cpufreq: tegra124: add missing of_node_put()
    (bnc#1012382).

  - cpufreq: Use struct kobj_attribute instead of struct
    global_attr (bnc#1012382).

  - cpu/hotplug: Handle unbalanced hotplug enable/disable
    (bnc#1012382).

  - cpu/speculation: Add 'mitigations=' cmdline option
    (bsc#1112178).

  - crypto: ahash - fix another early termination in hash
    walk (bnc#1012382).

  - crypto: arm64/aes-ccm - fix logical bug in AAD MAC
    handling (bnc#1012382).

  - crypto: caam - fixed handling of sg list (bnc#1012382).

  - crypto: crypto4xx - properly set IV after de- and
    encrypt (bnc#1012382).

  - crypto: pcbc - remove bogus memcpy()s with src == dest
    (bnc#1012382).

  - crypto: qat - remove unused and redundant pointer
    vf_info (bsc#1085539).

  - crypto: sha256/arm - fix crash bug in Thumb2 build
    (bnc#1012382).

  - crypto: sha512/arm - fix crash bug in Thumb2 build
    (bnc#1012382).

  - crypto: tgr192 - fix unaligned memory access
    (bsc#1129770).

  - crypto: x86/poly1305 - fix overflow during partial
    reduction (bnc#1012382).

  - cw1200: fix missing unlock on error in cw1200_hw_scan()
    (bsc#1129770).

  - dccp: do not use ipv6 header for ipv4 flow
    (bnc#1012382).

  - device_cgroup: fix RCU imbalance in error case
    (bnc#1012382).

  - Disable kgdboc failed by echo space to
    /sys/module/kgdboc/parameters/kgdboc (bnc#1012382).

  - dmaengine: at_xdmac: Fix wrongfull report of a channel
    as in use (bnc#1012382).

  - dmaengine: dmatest: Abort test in case of mapping error
    (bnc#1012382).

  - dmaengine: imx-dma: fix warning comparison of distinct
    pointer types (bnc#1012382).

  - dmaengine: tegra: avoid overflow of byte tracking
    (bnc#1012382).

  - dmaengine: usb-dmac: Make DMAC system sleep callbacks
    explicit (bnc#1012382).

  - dm: disable DISCARD if the underlying storage no longer
    supports it (bsc#1114638).

  - dm: fix to_sector() for 32bit (bnc#1012382).

  - dm thin: add sanity checks to thin-pool and external
    snapshot creation (bnc#1012382).

  - Drivers: hv: vmbus: Fix bugs in rescind handling
    (bsc#1130567).

  - Drivers: hv: vmbus: Fix ring buffer signaling
    (bsc#1118506).

  - Drivers: hv: vmbus: Fix the offer_in_progress in
    vmbus_process_offer() (bsc#1130567).

  - Drivers: hv: vmbus: Offload the handling of channels to
    two workqueues (bsc#1130567).

  - Drivers: hv: vmbus: Reset the channel callback in
    vmbus_onoffer_rescind() (bsc#1130567).

  - drm/dp/mst: Configure no_stop_bit correctly for remote
    i2c xfers (bnc#1012382).

  - drm/fb-helper: dpms_legacy(): Only set on connectors in
    use (bnc#1106929)

  - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1106929)

  - drm/msm: Unblock writer if reader closes file
    (bnc#1012382).

  - drm/ttm: Remove warning about inconsistent mapping
    information (bnc#1131488)

  - drm/vc4: Account for interrupts in flight (bsc#1106929)

  - drm/vc4: Allocate the right amount of space for
    boot-time CRTC state. (bsc#1106929)

  - drm/vc4: fix a bounds check (bsc#1106929)

  - drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
    (bsc#1106929)

  - drm/vc4: Fix compilation error reported by kbuild test
    bot (bsc#1106929)

  - drm/vc4: Fix memory leak during gpu reset. (bsc#1106929)

  - drm/vc4: Fix memory leak of the CRTC state.
    (bsc#1106929)

  - drm/vc4: Fix NULL pointer dereference in
    vc4_save_hang_state() (bsc#1106929)

  - drm/vc4: Fix OOPSes from trying to cache a partially
    constructed BO. (bsc#1106929)

  - drm/vc4: Fix oops when userspace hands in a bad BO.
    (bsc#1106929)

  - drm/vc4: Fix overflow mem unreferencing when the binner
    runs dry. (bsc#1106929)

  - drm/vc4: Fix races when the CS reads from render
    targets. (bsc#1106929)

  - drm/vc4: Fix scaling of uni-planar formats (bsc#1106929)

  - drm/vc4: Fix the 'no scaling' case on multi-planar YUV
    formats (bsc#1106929)

  - drm/vc4: Flush the caches before the bin jobs, as well.
    (bsc#1106929)

  - drm/vc4: Free hang state before destroying BO cache.
    (bsc#1106929)

  - drm/vc4: Move IRQ enable to PM path (bsc#1106929)

  - drm/vc4: Reset ->(x, y)_scaling[1] when dealing with
    uniplanar (bsc#1106929)

  - drm/vc4: Set ->is_yuv to false when num_planes == 1
    (bsc#1106929)

  - drm/vc4: Use drm_free_large() on handles to match its
    allocation. (bsc#1106929)

  - drm/vc4: ->x_scaling[1] should never be set to
    VC4_SCALING_NONE (bsc#1106929)

  - drm/vmwgfx: Do not double-free the mode stored in
    par->set_mode (bsc#1106929)

  - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293
    ).

  - e1000e: Add Support for 38.4MHZ frequency (bsc#1108293
    fate#326719).

  - e1000e: Add Support for CannonLake (bsc#1108293).

  - e1000e: Add Support for CannonLake (bsc#1108293
    fate#326719).

  - e1000e: Fix -Wformat-truncation warnings (bnc#1012382).

  - e1000e: Initial Support for CannonLake (bsc#1108293 ).

  - e1000e: Initial Support for CannonLake (bsc#1108293
    fate#326719).

  - efi: stub: define DISABLE_BRANCH_PROFILING for all
    architectures (bnc#1012382).

  - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
    (bnc#1012382).

  - ext2: Fix underflow in ext2_max_size() (bnc#1012382).

  - ext4: add missing brelse() in add_new_gdb_meta_bg()
    (bnc#1012382).

  - ext4: Avoid panic during forced reboot (bsc#1126356).

  - ext4: brelse all indirect buffer in
    ext4_ind_remove_space() (bnc#1012382).

  - ext4: cleanup bh release code in ext4_ind_remove_space()
    (bnc#1012382).

  - ext4: fix data corruption caused by unaligned direct AIO
    (bnc#1012382).

  - ext4: fix NULL pointer dereference while journal is
    aborted (bnc#1012382).

  - ext4: prohibit fstrim in norecovery mode (bnc#1012382).

  - ext4: report real fs size after failed resize
    (bnc#1012382).

  - extcon: usb-gpio: Do not miss event during
    suspend/resume (bnc#1012382).

  - f2fs: do not use mutex lock in atomic context
    (bnc#1012382).

  - f2fs: fix to do sanity check with current segment number
    (bnc#1012382).

  - fbdev: fbmem: fix memory access if logo is bigger than
    the screen (bnc#1012382).

  - firmware: dmi: Optimize dmi_matches (git-fixes).

  - fix incorrect error code mapping for OBJECTID_NOT_FOUND
    (bnc#1012382).

  - floppy: check_events callback should not return a
    negative number (git-fixes).

  - flow_dissector: Check for IP fragmentation even if not
    using IPv4 address (git-fixes).

  - fs/9p: use fscache mutex rather than spinlock
    (bnc#1012382).

  - fs/file.c: initialize init_files.resize_wait
    (bnc#1012382).

  - fs: fix guard_bio_eod to check for real EOD errors
    (bnc#1012382).

  - fs/nfs: Fix nfs_parse_devname to not modify it's
    argument (git-fixes).

  - fs/proc/proc_sysctl.c: fix NULL pointer dereference in
    put_links (bnc#1012382).

  - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN
    returns ENOSYS (git-fixes).

  - fuse: fix possibly missed wake-up after abort
    (git-fixes).

  - futex: Ensure that futex address is aligned in
    handle_futex_death() (bnc#1012382).

  - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()
    (git-fixes).

  - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
    (bnc#1012382).

  - genirq: Respect IRQCHIP_SKIP_SET_WAKE in
    irq_chip_set_wake_parent() (bnc#1012382).

  - gpio: adnp: Fix testing wrong value in
    adnp_gpio_direction_input (bnc#1012382).

  - gpio: gpio-omap: fix level interrupt idling
    (bnc#1012382).

  - gpio: vf610: Mask all GPIO interrupts (bnc#1012382).

  - gro_cells: make sure device is up in gro_cells_receive()
    (bnc#1012382).

  - h8300: use cc-cross-prefix instead of hardcoding
    h8300-unknown-linux- (bnc#1012382).

  - hid-sensor-hub.c: fix wrong do_div() usage
    (bnc#1012382).

  - hpet: Fix missing '=' character in the __setup() code of
    hpet_mmap_enable (bsc#1129770).

  - hugetlbfs: fix races and page leaks during migration
    (bnc#1012382).

  - hv_netvsc: Fix napi reschedule while receive completion
    is busy (bsc#1118506).

  - hv_netvsc: fix race in napi poll when rescheduling
    (bsc#1118506).

  - hv_netvsc: Fix the return status in RX path
    (bsc#1118506).

  - hv_netvsc: use napi_schedule_irqoff (bsc#1118506).

  - hv: v4.12 API for hyperv-iommu (bsc#1122822).

  - hv: v4.12 API for hyperv-iommu (fate#327171,
    bsc#1122822).

  - hwrng: virtio - Avoid repeated init of completion
    (bnc#1012382).

  - i2c: cadence: Fix the hold bit setting (bnc#1012382).

  - i2c: core-smbus: prevent stack corruption on read
    I2C_BLOCK_DATA (bnc#1012382).

  - i2c: tegra: fix maximum transfer size (bnc#1012382).

  - IB/(hfi1, qib): Fix WC.byte_len calculation for
    UD_SEND_WITH_IMM (bnc#1012382).

  - IB/mlx4: Fix race condition between catas error reset
    and aliasguid flows (bnc#1012382).

  - IB/mlx4: Increase the timeout for CM cache
    (bnc#1012382).

  - ibmvnic: Enable GRO (bsc#1132227).

  - ibmvnic: Fix completion structure initialization
    (bsc#1131659).

  - ibmvnic: Fix netdev feature clobbering during a reset
    (bsc#1132227).

  - iio: adc: at91: disable adc channel interrupt in timeout
    case (bnc#1012382).

  - iio: ad_sigma_delta: select channel when reading
    register (bnc#1012382).

  - iio/gyro/bmg160: Use millidegrees for temperature scale
    (bnc#1012382).

  - Include ACPI button driver in base kernel (bsc#1062056).

  - include/linux/bitrev.h: fix constant bitrev
    (bnc#1012382).

  - include/linux/swap.h: use offsetof() instead of custom
    __swapoffset macro (bnc#1012382).

  - Input: elan_i2c - add id for touchpad found in Lenovo
    s21e-20 (bnc#1012382).

  - Input: matrix_keypad - use flush_delayed_work()
    (bnc#1012382).

  - Input: st-keyscan - fix potential zalloc NULL
    dereference (bnc#1012382).

  - Input: wacom_serial4 - add support for Wacom ArtPad II
    tablet (bnc#1012382).

  - intel_th: Do not reference unassigned outputs
    (bnc#1012382).

  - intel_th: gth: Fix an off-by-one in output unassigning
    (git-fixes).

  - io: accel: kxcjk1013: restore the range after resume
    (bnc#1012382).

  - iommu/amd: Fix NULL dereference bug in match_hid_uid
    (bsc#1130345).

  - iommu/amd: fix sg->dma_address for sg->offset bigger
    than PAGE_SIZE (bsc#1130346).

  - iommu/amd: Reserve exclusion range in iova-domain
    (bsc#1130425).

  - iommu/amd: Set exclusion range correctly (bsc#1130425).

  - iommu: Do not print warning when IOMMU driver only
    supports unmanaged domains (bsc#1130130).

  - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    (bsc#1122822).

  - iommu/hyper-v: Add Hyper-V stub IOMMU driver
    (fate#327171, bsc#1122822).

  - iommu/vt-d: Check capability before disabling protected
    memory (bsc#1130347).

  - iommu/vt-d: Do not request page request irq under
    dmar_global_lock (bsc#1135013).

  - iommu/vt-d: Make kernel parameter igfx_off work with
    vIOMMU (bsc#1135014).

  - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
    (bsc#1135015).

  - ip6: fix PMTU discovery when using /127 subnets
    (git-fixes).

  - ip6mr: Do not call __IP6_INC_STATS() from preemptible
    context (bnc#1012382).

  - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
    (bnc#1012382).

  - ip_tunnel: fix ip tunnel lookup in collect_md mode
    (git-fixes).

  - ipv4: add sanity checks in ipv4_link_failure()
    (git-fixes).

  - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
    (bnc#1012382).

  - ipv4: recompile ip options in ipv4_link_failure
    (bnc#1012382).

  - ipv6: Fix dangling pointer when ipv6 fragment
    (bnc#1012382).

  - ipv6: sit: reset ip header pointer in ipip6_rcv
    (bnc#1012382).

  - ipvlan: disallow userns cap_net_admin to change global
    mode/flags (bnc#1012382).

  - ipvs: Fix signed integer overflow when setsockopt
    timeout (bnc#1012382).

  - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on
    enable/disable (bnc#1012382).

  - iscsi_ibft: Fix missing break in switch statement
    (bnc#1012382).

  - isdn: avm: Fix string plus integer warning from Clang
    (bnc#1012382).

  - isdn: i4l: isdn_tty: Fix some concurrency double-free
    bugs (bnc#1012382).

  - isdn: isdn_tty: fix build warning of strncpy
    (bnc#1012382).

  - It's wrong to add len to sector_nr in raid10 reshape
    twice (bnc#1012382).

  - iwlwifi: dbg: do not crash if the firmware crashes in
    the middle of a debug dump (bsc#1119086).

  - jbd2: clear dirty flag when revoking a buffer from an
    older transaction (bnc#1012382).

  - jbd2: fix compile warning when using JBUFFER_TRACE
    (bnc#1012382).

  - kabi: arm64: fix kabi breakage on arch specific module
    (bsc#1126040)

  - kabi fixup gendisk disk_devt revert (bsc#1020989).

  - kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
    (bnc#1012382).

  - kbuild: setlocalversion: print error to STDERR
    (bnc#1012382).

  - kernel/sysctl.c: add missing range check in
    do_proc_dointvec_minmax_conv (bnc#1012382).

  - kernel/sysctl.c: fix out-of-bounds access when setting
    file-max (bnc#1012382).

  - keys: allow reaching the keys quotas exactly
    (bnc#1012382).

  - keys: always initialize keyring_index_key::desc_len
    (bnc#1012382).

  - keys: restrict /proc/keys by credentials at open time
    (bnc#1012382).

  - keys: user: Align the payload buffer (bnc#1012382).

  - kprobes: Fix error check when reusing optimized probes
    (bnc#1012382).

  - kprobes: Mark ftrace mcount handler functions nokprobe
    (bnc#1012382).

  - kprobes: Prohibit probing on bsearch() (bnc#1012382).

  - kvm: Call kvm_arch_memslots_updated() before updating
    memslots (bsc#1132634).

  - kvm: nSVM: clear events pending from
    svm_complete_interrupts() when exiting to L1
    (bnc#1012382).

  - kvm: nVMX: Apply addr size mask to effective address for
    VMX instructions (bsc#1132635).

  - kvm: nVMX: Ignore limit checks on VMX instructions using
    flat segments (bnc#1012382).

  - kvm: nVMX: Sign extend displacements of VMX instr's mem
    operands (bnc#1012382).

  - kvm: Reject device ioctls from processes other than the
    VM's creator (bnc#1012382).

  - kvm: VMX: Compare only a single byte for VMCS'
    'launched' in vCPU-run (bsc#1132636).

  - kvm: VMX: Zero out *all* general purpose registers after
    VM-Exit (bsc#1132637).

  - kvm: x86: Do not clear EFER during SMM transitions for
    32-bit vCPU (bnc#1012382).

  - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD
    hosts (bsc#1132534).

  - kvm: X86: Fix residual mmio emulation request to
    userspace (bnc#1012382).

  - kvm: x86/mmu: Do not cache MMIO accesses while memslots
    are in flux (bsc#1132638).

  - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).

  - leds: lp5523: fix a missing check of return value of
    lp55xx_read (bnc#1012382).

  - leds: lp55xx: fix null deref on firmware load failure
    (bnc#1012382).

  - lib: add crc64 calculation routines (bsc#1130972).

  - lib/div64.c: off by one in shift (bnc#1012382).

  - lib: do not depend on linux headers being installed
    (bsc#1130972).

  - libertas: call into generic suspend code before turning
    off power (bsc#1106110).

  - libertas: fix suspend and resume for SDIO connected
    cards (bsc#1106110).

  - lib/int_sqrt: optimize initial value compute
    (bnc#1012382).

  - lib/int_sqrt: optimize small argument (bnc#1012382).

  - libnvdimm/pmem: Honor force_raw for legacy pmem regions
    (bsc#1131857).

  - lib/string.c: implement a basic bcmp (bnc#1012382).

  - locking/lockdep: Add debug_locks check in
    __lock_downgrade() (bnc#1012382).

  - locking/static_keys: Improve uninitialized key warning
    (bsc#1106913).

  - lpfc: validate command in
    lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).

  - m68k: Add -ffreestanding to CFLAGS (bnc#1012382).

  - mac80211: do not call driver wake_tx_queue op during
    reconfig (bnc#1012382).

  - mac80211: do not initiate TDLS connection if station is
    not associated to AP (bnc#1012382).

  - mac80211: fix miscounting of ttl-dropped frames
    (bnc#1012382).

  - mac80211: fix 'warning: target metric may be used
    uninitialized' (bnc#1012382).

  - mac80211_hwsim: propagate genlmsg_reply return code
    (bnc#1012382).

  - mac8390: Fix mmio access size probe (bnc#1012382).

  - md: Fix failed allocation of md_register_thread
    (bnc#1012382).

  - mdio_bus: Fix use-after-free on device_register fails
    (bnc#1012382 git-fixes).

  - md/raid1: do not clear bitmap bits on interrupted
    recovery (git-fixes).

  - md: use mddev_suspend/resume instead of ->quiesce()
    (bsc#1132212).

  - media: cx88: Get rid of spurious call to
    cx8800_start_vbi_dma() (bsc#1100132).

  - media: mt9m111: set initial frame size other than 0x0
    (bnc#1012382).

  - media: mx2_emmaprp: Correct return type for mem2mem
    buffer helpers (bnc#1012382).

  - media: s5p-g2d: Correct return type for mem2mem buffer
    helpers (bnc#1012382).

  - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt
    enumeration (bnc#1012382).

  - media: s5p-jpeg: Correct return type for mem2mem buffer
    helpers (bnc#1012382).

  - media: sh_veu: Correct return type for mem2mem buffer
    helpers (bnc#1012382).

  - media: uvcvideo: Avoid NULL pointer dereference at the
    end of streaming (bnc#1012382).

  - media: uvcvideo: Fix 'type' check leading to overflow
    (bnc#1012382).

  - media: uvcvideo: Fix uvc_alloc_entity() allocation
    alignment (bsc#1119086).

  - media: v4l2-ctrls.c/uvc: zero v4l2_event (bnc#1012382).

  - media: vb2: do not call __vb2_queue_cancel if
    vb2_start_streaming failed (bsc#1120902).

  - media: videobuf2-v4l2: drop WARN_ON in
    vb2_warn_zero_bytesused() (bnc#1012382).

  - media: vivid: potential integer overflow in
    vidioc_g_edid() (bsc#11001132).

  - mfd: ab8500-core: Return zero in
    get_register_interruptible() (bnc#1012382).

  - mfd: db8500-prcmu: Fix some section annotations
    (bnc#1012382).

  - mfd: mc13xxx: Fix a missing check of a register-read
    failure (bnc#1012382).

  - mfd: qcom_rpm: write fw_version to CTRL_REG
    (bnc#1012382).

  - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while
    registering mfd cells (bnc#1012382).

  - mfd: twl-core: Fix section annotations on
    (,un)protect_pm_master (bnc#1012382).

  - mfd: wm5110: Add missing ASRC rate register
    (bnc#1012382).

  - mips: ath79: Enable OF serial ports in the default
    config (bnc#1012382).

  - mips: Fix kernel crash for R6 in jump label branch
    function (bnc#1012382).

  - mips: irq: Allocate accurate order pages for irq stack
    (bnc#1012382).

  - mips: jazz: fix 64bit build (bnc#1012382).

  - mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to
    'cascade' irqaction (bnc#1012382).

  - mips: Remove function size check in get_frame_info()
    (bnc#1012382).

  - mISDN: hfcpci: Test both vendor & device ID for Digium
    HFC4S (bnc#1012382).

  - missing barriers in some of unix_sock ->addr and ->path
    accesses (bnc#1012382).

  - mmc: bcm2835: reset host on timeout (bsc#1070872).

  - mmc: block: Allow more than 8 partitions per card
    (bnc#1012382).

  - mmc: core: fix using wrong io voltage if
    mmc_select_hs200 fails (bnc#1012382).

  - mmc: core: shut up 'voltage-ranges unspecified'
    pr_info() (bnc#1012382).

  - mmc: davinci: remove extraneous __init annotation
    (bnc#1012382).

  - mmc: debugfs: Add a restriction to mmc debugfs clock
    setting (bnc#1012382).

  - mm/cma.c: cma_declare_contiguous: correct err handling
    (bnc#1012382).

  - mmc: make MAN_BKOPS_EN message a debug (bnc#1012382).

  - mmc: mmc: fix switch timeout issue caused by jiffies
    precision (bnc#1012382).

  - mmc: omap: fix the maximum timeout setting
    (bnc#1012382).

  - mmc: pwrseq_simple: Make reset-gpios optional to match
    doc (bnc#1012382).

  - mmc: pxamci: fix enum type confusion (bnc#1012382).

  - mmc: sanitize 'bus width' in debug output (bnc#1012382).

  - mmc: spi: Fix card detection during probe (bnc#1012382).

  - mmc: tmio_mmc_core: do not claim spurious interrupts
    (bnc#1012382).

  - mm/debug.c: fix __dump_page when mapping->host is not
    set (bsc#1131934).

  - mm, memory_hotplug: fix off-by-one in
    is_pageblock_removable (git-fixes).

  - mm, memory_hotplug: is_mem_section_removable do not pass
    the end of a zone (bnc#1012382).

  - mm, memory_hotplug: test_pages_in_a_zone do not pass the
    end of zone (bnc#1012382).

  - mm: mempolicy: make mbind() return -EIO when
    MPOL_MF_STRICT is specified (bnc#1012382).

  - mm: move is_pageblock_removable_nolock() to
    mm/memory_hotplug.c (git-fixes prerequisity).

  - mm/page_ext.c: fix an imbalance with kmemleak
    (bnc#1012382).

  - mm/page_isolation.c: fix a wrong flag in
    set_migratetype_isolate() (bsc#1131935)

  - mm/rmap: replace BUG_ON(anon_vma->degree) with
    VM_WARN_ON (bnc#1012382).

  - mm/slab.c: kmemleak no scan alien caches (bnc#1012382).

  - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
    (bnc#1012382).

  - mm/vmalloc: fix size check for
    remap_vmalloc_range_partial() (bnc#1012382).

  - mm/vmstat.c: fix /proc/vmstat format for
    CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n (bnc#1012382).

  - modpost: file2alias: check prototype of handler
    (bnc#1012382).

  - modpost: file2alias: go back to simple devtable lookup
    (bnc#1012382).

  - move power_up_on_resume flag to end of structure for
    kABI (bsc#1106110).

  - mt7601u: bump supported EEPROM version (bnc#1012382).

  - mtd: Fix comparison in map_word_andequal() (git-fixes).

  - mwifiex: pcie: tighten a check in
    mwifiex_pcie_process_event_ready() (bsc#1100132).

  - ncpfs: fix build warning of strncpy (bnc#1012382).

  - net: add description for len argument of
    dev_get_phys_port_name (git-fixes).

  - net: Add __icmp_send helper (bnc#1012382).

  - net: altera_tse: fix connect_local_phy error path
    (bnc#1012382).

  - net: altera_tse: fix msgdma_tx_completion on non-zero
    fill_level case (bnc#1012382).

  - net: atm: Fix potential Spectre v1 vulnerabilities
    (bnc#1012382).

  - net: avoid use IPCB in cipso_v4_error (bnc#1012382).

  - net: bridge: multicast: use rcu to access port list from
    br_multicast_start_querier (bnc#1012382).

  - net: diag: support v4mapped sockets in
    inet_diag_find_one_icsk() (bnc#1012382).

  - net: do not decrement kobj reference count on init
    failure (git-fixes).

  - net: dsa: mv88e6xxx: Fix u64 statistics (bnc#1012382).

  - net: ena: fix race between link up and device
    initalization (bsc#1129278).

  - net: ena: update driver version from 2.0.2 to 2.0.3
    (bsc#1129278).

  - net: ethtool: not call vzalloc for zero sized memory
    request (bnc#1012382).

  - netfilter: ipt_CLUSTERIP: fix use-after-free of proc
    entry (git-fixes).

  - netfilter: nf_conntrack_tcp: Fix stack out of bounds
    when parsing TCP options (bnc#1012382).

  - netfilter: nfnetlink_acct: validate NFACCT_FILTER
    parameters (bnc#1012382).

  - netfilter: nfnetlink_log: just returns error for unknown
    command (bnc#1012382).

  - netfilter: nfnetlink: use original skbuff when acking
    batches (git-fixes).

  - netfilter: physdev: relax br_netfilter dependency
    (bnc#1012382).

  - netfilter: x_tables: enforce nul-terminated table name
    from getsockopt GET_ENTRIES (bnc#1012382).

  - net: fou: do not use guehdr after iptunnel_pull_offloads
    in gue_udp_recv (bnc#1012382).

  - net: hns: Fix use after free identified by SLUB debug
    (bnc#1012382).

  - net: hns: Fix wrong read accesses via Clause 45 MDIO
    protocol (bnc#1012382).

  - net: hsr: fix memory leak in hsr_dev_finalize()
    (bnc#1012382).

  - net/hsr: fix possible crash in add_timer()
    (bnc#1012382).

  - net/ibmvnic: Update carrier state after link state
    change (bsc#1135100).

  - net/ibmvnic: Update MAC address settings after adapter
    reset (bsc#1134760).

  - netlabel: fix out-of-bounds memory accesses
    (bnc#1012382).

  - net/mlx4_en: Force CHECKSUM_NONE for short ethernet
    frames (bnc#1012382).

  - net: mv643xx_eth: disable clk on error path in
    mv643xx_eth_shared_probe() (bnc#1012382).

  - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv
    fails (bnc#1012382).

  - netns: provide pure entropy for net_hash_mix()
    (bnc#1012382).

  - net/packet: fix 4gb buffer limit due to overflow check
    (bnc#1012382).

  - net/packet: Set __GFP_NOWARN upon allocation in
    alloc_pg_vec (bnc#1012382).

  - net: phy: Micrel KSZ8061: link failure after cable
    connect (bnc#1012382).

  - net: rds: force to destroy connection if t_sock is NULL
    in rds_tcp_kill_sock() (bnc#1012382).

  - net: rose: fix a possible stack overflow (bnc#1012382).

  - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for
    tables > 255 (bnc#1012382).

  - net: set static variable an initial value in
    atl2_probe() (bnc#1012382).

  - net: sit: fix UBSAN Undefined behaviour in check_6rd
    (bnc#1012382).

  - net: stmmac: dwmac-rk: fix error handling in
    rk_gmac_powerup() (bnc#1012382).

  - net-sysfs: call dev_hold if kobject_init_and_add success
    (git-fixes).

  - net-sysfs: Fix mem leak in netdev_register_kobject
    (bnc#1012382).

  - net: systemport: Fix reception of BPDUs (bnc#1012382).

  - net: tcp_memcontrol: properly detect ancestor socket
    pressure (git-fixes).

  - net/x25: fix a race in x25_bind() (bnc#1012382).

  - net/x25: fix use-after-free in x25_device_event()
    (bnc#1012382).

  - net/x25: reset state in x25_connect() (bnc#1012382).

  - NFC: nci: memory leak in nci_core_conn_create()
    (git-fixes).

  - nfs41: pop some layoutget errors to application
    (bnc#1012382).

  - nfs: Add missing encode / decode sequence_maxsz to v4.2
    operations (git-fixes).

  - nfs: clean up rest of reqs when failing to add one
    (git-fixes).

  - nfsd: fix memory corruption caused by readdir
    (bsc#1127445).

  - nfsd: fix wrong check in write_v4_end_grace()
    (git-fixes).

  - nfs: Do not recoalesce on error in
    nfs_pageio_complete_mirror() (git-fixes).

  - nfs: Fix an I/O request leakage in nfs_do_recoalesce
    (git-fixes).

  - nfs: Fix dentry revalidation on NFSv4 lookup
    (bsc#1132618).

  - nfs: Fix I/O request leakages (git-fixes).

  - nfs: fix mount/umount race in nlmclnt (git-fixes).

  - nfs: Fix NULL pointer dereference of dev_name
    (bnc#1012382).

  - nfs/pnfs: Bulk destroy of layouts needs to be safe
    w.r.t. umount (git-fixes).

  - nfsv4.x: always serialize open/close operations
    (bsc#1114893).

  - numa: change get_mempolicy() to use nr_node_ids instead
    of MAX_NUMNODES (bnc#1012382).

  - nvme-fc: resolve io failures during connect
    (bsc#1116803).

  - ocfs2: fix a panic problem caused by o2cb_ctl
    (bnc#1012382).

  - openvswitch: fix flow actions reallocation
    (bnc#1012382).

  - packets: Always register packet sk in the same order
    (bnc#1012382).

  - parport_pc: fix find_superio io compare code, should use
    equal test (bnc#1012382).

  - pci: Add function 1 DMA alias quirk for Marvell 9170
    SATA controller (bnc#1012382).

  - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle
    1792 vcpus (bsc#1122822).

  - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle
    1792 vcpus (fate#327171, bsc#1122822).

  - pci: xilinx-nwl: Add missing of_node_put()
    (bsc#1100132).

  - perf auxtrace: Define auxtrace record alignment
    (bnc#1012382).

  - perf bench: Copy kernel files needed to build
    mem(cpy,set) x86_64 benchmarks (bnc#1012382).

  - perf/core: Restore mmap record type correctly
    (bnc#1012382).

  - perf evsel: Free evsel->counts in perf_evsel__exit()
    (bnc#1012382).

  - perf intel-pt: Fix CYC timestamp calculation after OVF
    (bnc#1012382).

  - perf intel-pt: Fix overlap calculation for padding
    (bnc#1012382).

  - perf intel-pt: Fix TSC slip (bnc#1012382).

  - perf/ring_buffer: Refuse to begin AUX transaction after
    rb->aux_mmap_count drops (bnc#1012382).

  - perf symbols: Filter out hidden symbols from labels
    (bnc#1012382).

  - perf: Synchronously free aux pages in case of allocation
    failure (bnc#1012382).

  - perf test: Fix failure of 'evsel-tp-sched' test on s390
    (bnc#1012382).

  - perf tests: Fix a memory leak in
    test__perf_evsel__tp_sched_test() (bnc#1012382).

  - perf tests: Fix a memory leak of cpu_map object in the
    openat_syscall_event_on_all_cpus test (bnc#1012382).

  - perf tools: Handle TOPOLOGY headers with no CPU
    (bnc#1012382).

  - perf top: Fix error handling in cmd_top() (bnc#1012382).

  - perf/x86/amd: Add event map for AMD Family 17h
    (bsc#1114648).

  - phonet: fix building with clang (bnc#1012382).

  - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
    (bnc#1012382).

  - platform/x86: Fix unmet dependency warning for
    SAMSUNG_Q10 (bnc#1012382).

  - PM / Hibernate: Call flush_icache_range() on pages
    restored in-place (bnc#1012382).

  - PM / wakeup: Rework wakeup source timer cancellation
    (bnc#1012382).

  - pNFS: Skip invalid stateids when doing a bulk destroy
    (git-fixes).

  - powerpc/32: Clear on-stack exception marker upon
    exception return (bnc#1012382).

  - powerpc/64: Call setup_barrier_nospec() from
    setup_arch() (bsc#1131107).

  - powerpc/64: Disable the speculation barrier from the
    command line (bsc#1131107).

  - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific
    (bsc#1131107).

  - powerpc/64s: Add new security feature flags for count
    cache flush (bsc#1131107).

  - powerpc/64s: Add support for software count cache flush
    (bsc#1131107).

  - powerpc/83xx: Also save/restore SPRG4-7 during suspend
    (bnc#1012382).

  - powerpc: Always initialize input array when calling
    epapr_hypercall() (bnc#1012382).

  - powerpc/asm: Add a patch_site macro & helpers for
    patching instructions (bsc#1131107).

  - powerpc/fsl: Fix spectre_v2 mitigations reporting
    (bsc#1131107).

  - powerpc/mm/hash: Handle mmap_min_addr correctly in
    get_unmapped_area topdown search (bsc#1131900).

  - powerpc/numa: document topology_updates_enabled, disable
    by default (bsc#1133584).

  - powerpc/numa: improve control of topology updates
    (bsc#1133584).

  - powerpc/perf: Fix unit_sel/cache_sel checks
    (bsc#1053043).

  - powerpc/perf: Remove l2 bus events from HW cache event
    array (bsc#1053043).

  - powerpc/perf: Update raw-event code encoding comment for
    power8 (bsc#1053043, git-fixes).

  - powerpc/powernv/cpuidle: Init all present cpus for deep
    states (bsc#1066223).

  - powerpc/powernv: Make opal log only readable by root
    (bnc#1012382).

  - powerpc/powernv: Query firmware for count cache flush
    settings (bsc#1131107).

  - powerpc/pseries/mce: Fix misleading print for TLB
    mutlihit (bsc#1094244, git-fixes).

  - powerpc/pseries: Query hypervisor for count cache flush
    settings (bsc#1131107).

  - powerpc/security: Fix spectre_v2 reporting
    (bsc#1131107).

  - powerpc/speculation: Support 'mitigations=' cmdline
    option (bsc#1112178).

  - powerpc/tm: Add commandline option to disable hardware
    transactional memory (bsc#1118338).

  - powerpc/tm: Add TM Unavailable Exception (bsc#1118338).

  - powerpc/tm: Flip the HTM switch default to disabled
    (bsc#1125580).

  - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
    (bsc#1131587).

  - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies
    across Y2038 (bsc#1131587).

  - powerpc/wii: properly disable use of BATs when requested
    (bnc#1012382).

  - qmi_wwan: add Olicard 600 (bnc#1012382).

  - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
    (bnc#1012382).

  - rcu: Do RCU GP kthread self-wakeup from softirq and
    interrupt (bnc#1012382).

  - RDMA/core: Do not expose unsupported counters
    (bsc#994770).

  - RDMA/srp: Rework SCSI device reset handling
    (bnc#1012382).

  - regulator: act8865: Fix act8600_sudcdc_voltage_ranges
    setting (bnc#1012382).

  - regulator: s2mpa01: Fix step values for some LDOs
    (bnc#1012382).

  - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
    (bnc#1012382).

  - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for
    legacy/fringe drivers' (bsc#1110946).

  - Revert 'bridge: do not add port to router list when
    receives query with source 0.0.0.0' (bnc#1012382).

  - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd
    and ide-cd' (bsc#1110946).

  - Revert 'ipv4: keep skb->dst around in presence of IP
    options' (git-fixes).

  - Revert 'kbuild: use -Oz instead of -Os when using clang'
    (bnc#1012382).

  - Revert 'KEYS: restrict /proc/keys by credentials at open
    time' (kabi).

  - Revert 'locking/lockdep: Add debug_locks check in
    __lock_downgrade()' (bnc#1012382).

  - Revert 'mmc: block: do not use parameter prefix if built
    as module' (bnc#1012382).

  - Revert 'netns: provide pure entropy for net_hash_mix()'
    (kabi).

  - Revert 'scsi, block: fix duplicate bdi name registration
    crashes' (bsc#1020989).

  - Revert 'USB: core: only clean up what we allocated'
    (bnc#1012382).

  - Revert 'x86/kprobes: Verify stack frame on kretprobe'
    (kabi).

  - route: set the deleted fnhe fnhe_daddr to 0 in
    ip_del_fnhe to fix a race (bnc#1012382).

  - rsi: fix a dereference on adapter before it has been
    null checked (bsc#1085539).

  - rsi: improve kernel thread handling to fix kernel panic
    (bnc#1012382).

  - rtc: Fix overflow when converting time64_t to rtc_time
    (bnc#1012382).

  - rtl8xxxu: Fix missing break in switch (bsc#1120902).

  - s390/dasd: fix panic for failed online processing
    (bsc#1132589).

  - s390/dasd: fix using offset into zero size array error
    (bnc#1012382).

  - s390: Prevent hotplug rwsem recursion (bsc#1131980).

  - s390/qeth: fix use-after-free in error path
    (bnc#1012382).

  - s390/speculation: Support 'mitigations=' cmdline option
    (bsc#1112178).

  - s390/virtio: handle find on invalid queue gracefully
    (bnc#1012382).

  - sched/core: Fix cpu.max vs. cpuhotplug deadlock
    (bsc#1106913).

  - sched/fair: Do not re-read ->h_load_next during
    hierarchical load calculation (bnc#1012382).

  - sched/fair: Limit sched_cfs_period_timer() loop to avoid
    hard lockup (bnc#1012382).

  - sched/smt: Expose sched_smt_present static key
    (bsc#1106913).

  - sched/smt: Make sched_smt_present track topology
    (bsc#1106913).

  - scripts/git_sort/git_sort.py: Add fixes branch from
    mkp/scsi.git.

  - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in
    scsi_scan.c (bnc#1012382).

  - scsi: csiostor: fix NULL pointer dereference in
    csio_vport_set_state() (bnc#1012382).

  - scsi: isci: initialize shost fully before calling
    scsi_add_host() (bnc#1012382).

  - scsi: libfc: free skb when receiving invalid flogi resp
    (bnc#1012382).

  - scsi: libiscsi: Fix race between iscsi_xmit_task and
    iscsi_complete_task (bnc#1012382).

  - scsi: libsas: Fix rphy phy_identifier for PHYs with end
    devices attached (bnc#1012382).

  - scsi: megaraid_sas: return error when create DMA pool
    failed (bnc#1012382).

  - scsi: qla4xxx: check return code of
    qla4xxx_copy_from_fwddb_param (bnc#1012382).

  - scsi: sd: Fix a race between closing an sd device and sd
    I/O (bnc#1012382).

  - scsi: storvsc: Fix a race in sub-channel creation that
    can cause panic ().

  - scsi: storvsc: Fix a race in sub-channel creation that
    can cause panic (fate#323887).

  - scsi: storvsc: Reduce default ring buffer size to 128
    Kbytes ().

  - scsi: storvsc: Reduce default ring buffer size to 128
    Kbytes (fate#323887).

  - scsi: target/iscsi: Avoid
    iscsit_release_commands_from_conn() deadlock
    (bnc#1012382).

  - scsi: virtio_scsi: do not send sc payload with tmfs
    (bnc#1012382).

  - scsi: zfcp: fix rport unblock if deleted SCSI devices on
    Scsi_Host (bnc#1012382).

  - scsi: zfcp: fix scsi_eh host reset with port_forced ERP
    for non-NPIV FCP devices (bnc#1012382).

  - sctp: fix the transports round robin issue when init is
    retransmitted (git-fixes).

  - sctp: get sctphdr by offset in sctp_compute_cksum
    (bnc#1012382).

  - sctp: initialize _pad of sockaddr_in before copying to
    user memory (bnc#1012382).

  - serial: 8250_pci: Fix number of ports for ACCES serial
    cards (bnc#1012382).

  - serial: 8250_pci: Have ACCES cards that use the four
    port Pericom PI7C9X7954 chip use the pci_pericom_setup()
    (bnc#1012382).

  - serial: fsl_lpuart: fix maximum acceptable baud rate
    with over-sampling (bnc#1012382).

  - serial: max310x: Fix to avoid potential NULL pointer
    dereference (bnc#1012382).

  - serial: sh-sci: Fix setting SCSCR_TIE while transferring
    data (bnc#1012382).

  - serial: sprd: adjust TIMEOUT to a big value
    (bnc#1012382).

  - serial: sprd: clear timeout interrupt only rather than
    all interrupts (bnc#1012382).

  - serial: uartps: console_setup() can't be placed to init
    section (bnc#1012382).

  - sit: check if IPv6 enabled before calling
    ip6_err_gen_icmpv6_unreach() (bnc#1012382).

  - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
    (bnc#1012382).

  - SoC: imx-sgtl5000: add missing put_device()
    (bnc#1012382).

  - sockfs: getxattr: Fail with -EOPNOTSUPP for invalid
    attribute names (bnc#1012382).

  - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    (bnc#1012382).

  - soc/tegra: fuse: Fix illegal free of IO base address
    (bnc#1012382).

  - staging: ashmem: Add missing include (bnc#1012382).

  - staging: ashmem: Avoid deadlock with mmap/shrink
    (bnc#1012382).

  - staging: comedi: ni_usb6501: Fix possible double-free of
    ->usb_rx_buf (bnc#1012382).

  - staging: comedi: ni_usb6501: Fix use of uninitialized
    mutex (bnc#1012382).

  - staging: comedi: vmk80xx: Fix possible double-free of
    ->usb_rx_buf (bnc#1012382).

  - staging: comedi: vmk80xx: Fix use of uninitialized
    semaphore (bnc#1012382).

  - staging: goldfish: audio: fix compiliation on arm
    (bnc#1012382).

  - staging: ion: Set minimum carveout heap allocation order
    to PAGE_SHIFT (bnc#1012382).

  - staging: lustre: fix buffer overflow of string buffer
    (bnc#1012382).

  - staging: rtl8188eu: avoid a null dereference on
    pmlmepriv (bsc#1085539).

  - staging: vt6655: Fix interrupt race condition on device
    start up (bnc#1012382).

  - staging: vt6655: Remove vif check from vnt_interrupt
    (bnc#1012382).

  - stm class: Do not leak the chrdev in error path
    (bnc#1012382).

  - stm class: Fix an endless loop in channel allocation
    (bnc#1012382).

  - stm class: Fix a race in unlinking (bnc#1012382).

  - stm class: Fix link list locking (bnc#1012382).

  - stm class: Fix locking in unbinding policy path
    (bnc#1012382).

  - stm class: Fix stm device initialization order
    (bnc#1012382).

  - stm class: Fix unbalanced module/device refcounting
    (bnc#1012382).

  - stm class: Fix unlocking braino in the error path
    (bnc#1012382).

  - stm class: Guard output assignment against concurrency
    (bnc#1012382).

  - stm class: Hide STM-specific options if STM is disabled
    (bnc#1012382).

  - stm class: Prevent division by zero (bnc#1012382).

  - stm class: Prevent user-controllable allocations
    (bnc#1012382).

  - stm class: Support devices with multiple instances
    (bnc#1012382).

  - stmmac: copy unicast mac address to MAC registers
    (bnc#1012382).

  - stop_machine: Provide stop_machine_cpuslocked()
    (bsc#1131980).

  - sunrpc: do not mark uninitialised items as VALID
    (bsc#1130737).

  - sunrpc: init xdr_stream for zero iov_len, page_len
    (bsc#11303356).

  - supported.conf: add lib/crc64 because bcache uses it

  - svm/avic: Fix invalidate logical APIC id entry
    (bsc#1132727).

  - svm: Fix AVIC DFR and LDR handling (bsc#1130343).

  - svm: Fix improper check when deactivate AVIC
    (bsc#1130344).

  - sysctl: handle overflow for file-max (bnc#1012382).

  - tcp/dccp: drop SYN packets if accept queue is full
    (bnc#1012382).

  - tcp/dccp: remove reqsk_put() from inet_child_forget()
    (git-fixes).

  - tcp: do not use ipv6 header for ipv4 flow (bnc#1012382).

  - tcp: Ensure DCTCP reacts to losses (bnc#1012382).

  - tcp: handle inet_csk_reqsk_queue_add() failures
    (git-fixes).

  - tcp: tcp_grow_window() needs to respect tcp_space()
    (bnc#1012382).

  - thermal/int340x_thermal: Add additional UUIDs
    (bnc#1012382).

  - thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
    (bnc#1012382).

  - thermal/int340x_thermal: fix mode setting (bnc#1012382).

  - time: Introduce jiffies64_to_nsecs() (bsc#1113399).

  - tmpfs: fix link accounting when a tmpfile is linked in
    (bnc#1012382).

  - tmpfs: fix uninitialized return value in shmem_link
    (bnc#1012382).

  - tools lib traceevent: Fix buffer overflow in arg_eval
    (bnc#1012382).

  - tools/power turbostat: return the exit status of a
    command (bnc#1012382).

  - tpm: fix kdoc for tpm2_flush_context_cmd()
    (bsc#1020645).

  - tpm: Fix the type of the return value in
    calc_tpm2_event_size() (bsc#1020645, git-fixes).

  - tpm/tpm_crb: Avoid unaligned reads in crb_recv()
    (bnc#1012382).

  - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is
    incomplete (bnc#1012382).

  - tpm: tpm-interface.c drop unused macros (bsc#1020645).

  - tracing: kdb: Fix ftdump to not sleep (bnc#1012382).

  - tty: atmel_serial: fix a potential NULL pointer
    dereference (bnc#1012382).

  - tty: increase the default flip buffer limit to 2*640K
    (bnc#1012382).

  - tty: ldisc: add sysctl to prevent autoloading of ldiscs
    (bnc#1012382).

  - tty/serial: atmel: Add is_half_duplex helper
    (bnc#1012382).

  - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is
    stopped (bnc#1012382).

  - uas: fix alignment of scatter/gather segments
    (bsc#1129770).

  - udf: Fix crash on IO error during truncate
    (bnc#1012382).

  - Update config files: add CONFIG_CRC64=m

  - usb: Add new USB LPM helpers (bsc#1129770).

  - usb: chipidea: Grab the (legacy) USB PHY by phandle
    first (bnc#1012382).

  - usb: Consolidate LPM checks to avoid enabling LPM twice
    (bsc#1129770).

  - usb: core: only clean up what we allocated
    (bnc#1012382).

  - usb: dwc2: Fix DMA alignment to start at allocated
    boundary (bsc#1100132).

  - usb: dwc2: fix the incorrect bitmaps for the ports of
    multi_tt hub (bsc#1100132).

  - usb: dwc3: gadget: Fix suspend/resume during device mode
    (bnc#1012382).

  - usb: dwc3: gadget: Fix the uninitialized link_state when
    udc starts (bnc#1012382).

  - usb: gadget: Add the gserial port checking in
    gs_start_tx() (bnc#1012382).

  - usb: gadget: composite: fix dereference after null check
    coverify warning (bnc#1012382).

  - usb: gadget: configfs: add mutex lock before unregister
    gadget (bnc#1012382).

  - usb: gadget: Potential NULL dereference on allocation
    error (bnc#1012382).

  - usb: gadget: rndis: free response queue during
    REMOTE_NDIS_RESET_MSG (bnc#1012382).

  - usb: renesas_usbhs: gadget: fix unused-but-set-variable
    warning (bnc#1012382).

  - usb: serial: cp210x: add ID for Ingenico 3070
    (bnc#1012382).

  - usb: serial: cp210x: add new device id (bnc#1012382).

  - usb: serial: cypress_m8: fix interrupt-out transfer
    length (bsc#1119086).

  - usb: serial: ftdi_sio: add additional NovaTech products
    (bnc#1012382).

  - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics
    USB485 (bnc#1012382).

  - usb: serial: mos7720: fix mos_parport refcount imbalance
    on error path (bsc#1129770).

  - usb: serial: option: add Olicard 600 (bnc#1012382).

  - usb: serial: option: add Telit ME910 ECM composition
    (bnc#1012382).

  - usb: serial: option: set driver_info for SIM5218 and
    compatibles (bsc#1129770).

  - video: fbdev: Set pixclock = 0 in goldfishfb
    (bnc#1012382).

  - vti4: Fix a ipip packet processing bug in 'IPCOMP'
    virtual tunnel (bnc#1012382).

  - vxlan: Do not call gro_cells_destroy() before device is
    unregistered (bnc#1012382).

  - vxlan: Fix GRO cells race condition between receive and
    link delete (bnc#1012382).

  - vxlan: test dev->flags & IFF_UP before calling
    gro_cells_receive() (bnc#1012382).

  - wlcore: Fix memory leak in case wl12xx_fetch_firmware
    failure (bnc#1012382).

  - wlcore: Fix the return value in case of error in
    'wlcore_vendor_cmd_smart_config_start()' (bsc#1120902).

  - x.509: unpack RSA signatureValue field from BIT STRING
    (git-fixes).

  - x86_64: increase stack size for KASAN_EXTRA
    (bnc#1012382).

  - x86/apic: Provide apic_ack_irq() (bsc#1122822).

  - x86/apic: Provide apic_ack_irq() (fate#327171,
    bsc#1122822).

  - x86/build: Mark per-CPU symbols as absolute explicitly
    for LLD (bnc#1012382).

  - x86/build: Specify elf_i386 linker emulation explicitly
    for i386 objects (bnc#1012382).

  - x86/CPU/AMD: Set the CPB bit unconditionally on F17h
    (bnc#1012382).

  - x86/cpu/cyrix: Use correct macros for Cyrix calls on
    Geode processors (bnc#1012382).

  - x86/hpet: Prevent potential NULL pointer dereference
    (bnc#1012382).

  - x86/hw_breakpoints: Make default case in
    hw_breakpoint_arch_parse() return an error
    (bnc#1012382).

  - x86/Hyper-V: Set x2apic destination mode to physical
    when x2apic is available (bsc#1122822).

  - x86/Hyper-V: Set x2apic destination mode to physical
    when x2apic is available (fate#327171, bsc#1122822).

  - x86/kexec: Do not setup EFI info if EFI runtime is not
    enabled (bnc#1012382).

  - x86/kprobes: Verify stack frame on kretprobe
    (bnc#1012382).

  - x86/mce: Improve error message when kernel cannot
    recover, p2 (bsc#1114648).

  - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
    (bnc#1012382).

  - x86/speculation: Remove redundant arch_smt_update()
    invocation (bsc#1111331).

  - x86/speculation: Support 'mitigations=' cmdline option
    (bsc#1112178).

  - x86/uaccess: Do not leak the AC flag into __put_user()
    value evaluation (bsc#1114648).

  - x86/vdso: Add VCLOCK_HVCLOCK vDSO clock read method
    (bsc#1133308).

  - x86/vdso: Drop implicit common-page-size linker flag
    (bnc#1012382).

  - x86/vdso: Pass --eh-frame-hdr to the linker (git-fixes).

  - x86: vdso: Use $LD instead of $CC to link (bnc#1012382).

  - xen-netback: fix occasional leak of grant ref mappings
    under memory pressure (bnc#1012382).

  - xen: Prevent buffer overflow in privcmd ioctl
    (bnc#1012382).

  - xfrm_user: fix info leak in build_aevent() (git-fixes).

  - xfrm_user: fix info leak in xfrm_notify_sa()
    (git-fixes).

  - xhci: Do not let USB3 ports stuck in polling state
    prevent suspend (bsc#1047487).

  - xhci: Fix port resume done detection for SS ports with
    LPM enabled (bnc#1012382).

  - xtensa: fix return_address (bnc#1012382).

  - xtensa: SMP: fix ccount_timer_shutdown (bnc#1012382).

  - xtensa: SMP: fix secondary CPU initialization
    (bnc#1012382).

  - xtensa: SMP: limit number of possible CPUs by NR_CPUS
    (bnc#1012382).

  - xtensa: SMP: mark each possible CPU as present
    (bnc#1012382).

  - xtensa: smp_lx200_defconfig: fix vectors clash
    (bnc#1012382)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1062056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064388"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070872"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096480"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096728"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108293"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110785"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114648"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1116803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118338"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119974"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122822"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129326"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130130"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130343"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130345"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130425"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130567"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130737"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131587"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131934"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132212"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132534"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132589"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132634"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132636"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132637"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132727"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133308"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=843419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=994770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/support/kb/doc/?id=7023736"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/21");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-base-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-debugsource-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-debug-devel-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-base-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-debugsource-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-default-devel-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-devel-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-html-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-docs-pdf-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-macros-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-build-debugsource-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-obs-qa-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-source-vanilla-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-syms-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-base-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debuginfo-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-debugsource-4.4.179-99.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"kernel-vanilla-devel-4.4.179-99.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-devel / kernel-macros / kernel-source / etc");
}
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4118-1.NASL
    descriptionIt was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id128478
    published2019-09-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128478
    titleUbuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4118-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128478);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/24 11:30:51");

  script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
  script_xref(name:"USN", value:"4118-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the alarmtimer implementation in the Linux
kernel contained an integer overflow vulnerability. A local attacker
could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use
this to construct a malicious XFS image that, when mounted, could
cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate metadata. An attacker could use
this to construct a malicious f2fs image that, when mounted, could
cause a denial of service (system crash). (CVE-2018-13096,
CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100,
CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)

Wen Xu and Po-Ning Tseng discovered that btrfs file system
implementation in the Linux kernel did not properly validate metadata.
An attacker could use this to construct a malicious btrfs image that,
when mounted, could cause a denial of service (system crash).
(CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,
CVE-2018-14613)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux
kernel did not properly handle malformed catalog data in some
situations. An attacker could use this to construct a malicious HFS+
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache
subsystem of the Linux kernel did not properly initialize new files in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the Option USB High Speed
driver in the Linux kernel did not properly validate metadata received
from the device. A physically proximate attacker could use this to
cause a denial of service (system crash). (CVE-2018-19985)

Hui Peng and Mathias Payer discovered that the USB subsystem in the
Linux kernel did not properly handle size checks when handling an
extra USB descriptor. A physically proximate attacker could use this
to cause a denial of service (system crash). (CVE-2018-20169)

Zhipeng Xie discovered that an infinite loop could triggered in the
CFS Linux kernel process scheduler. A local attacker could possibly
use this to cause a denial of service. (CVE-2018-20784)

It was discovered that a use-after-free error existed in the block
layer subsystem of the Linux kernel when certain failure conditions
occurred. A local attacker could possibly use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth
implementation in the Linux kernel did not properly validate elliptic
curve parameters during Diffie-Hellman key exchange in some
situations. An attacker could use this to expose sensitive
information. (CVE-2018-5383)

It was discovered that the Intel wifi device driver in the Linux
kernel did not properly validate certain Tunneled Direct Link Setup
(TDLS). A physically proximate attacker could use this to cause a
denial of service (wifi disconnect). (CVE-2019-0136)

It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-10126)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local
attacker could use this to cause a denial of service. (CVE-2019-10207)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not
sufficiently randomize IP ID values generated for connectionless
networking protocols. A remote attacker could use this to track
particular Linux devices. (CVE-2019-10638)

Amit Klein and Benny Pinkas discovered that the location of kernel
addresses could exposed by the implementation of connection-less
network protocols in the Linux kernel. A remote attacker could
possibly use this to assist in the exploitation of another
vulnerability in the Linux kernel. (CVE-2019-10639)

Adam Zabrocki discovered that the Intel i915 kernel mode graphics
driver in the Linux kernel did not properly restrict mmap() ranges in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2019-11085)

It was discovered that an integer overflow existed in the Linux kernel
when reference counting pages, leading to potential use-after-free
issues. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-11487)

Jann Horn discovered that a race condition existed in the Linux kernel
when performing core dumps. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information.
(CVE-2019-11599)

It was discovered that a NULL pointer dereference vulnerability
existed in the LSI Logic MegaRAID driver in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free
existed in the Reliable Datagram Sockets (RDS) protocol implementation
in the Linux kernel. The RDS protocol is blacklisted by default in
Ubuntu. If enabled, a local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2019-11815)

It was discovered that the ext4 file system implementation in the
Linux kernel did not properly zero out memory in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2019-11833)

It was discovered that the Bluetooth Human Interface Device Protocol
(HIDP) implementation in the Linux kernel did not properly verify
strings were NULL terminated in certain situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2019-11884)

It was discovered that a NULL pointer dereference vulnerabilty existed
in the Near-field communication (NFC) implementation in the Linux
kernel. An attacker could use this to cause a denial of service
(system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux
kernel improperly dropped a device reference in an error condition,
leading to a use-after-free. An attacker could use this to cause a
denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability
existed in the Near-field communication (NFC) implementation in the
Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux
kernel when accessing LDT entries in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux
kernel did not properly record credentials in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the GTCO tablet input driver in the Linux
kernel did not properly bounds check the initial HID report sent by
the device. A physically proximate attacker could use to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-13631)

It was discovered that the floppy driver in the Linux kernel did not
properly validate meta data, leading to a buffer overread. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not
properly validate ioctl() calls, leading to a division-by-zero. A
local attacker could use this to cause a denial of service (system
crash). (CVE-2019-14284)

Tuba Yavuz discovered that a race condition existed in the DesignWare
USB3 DRD Controller device driver in the Linux kernel. A physically
proximate attacker could use this to cause a denial of service.
(CVE-2019-14763)

It was discovered that an out-of-bounds read existed in the QLogic
QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
could possibly use this to expose sensitive information (kernel
memory). (CVE-2019-15090)

It was discovered that the Raremono AM/FM/SW radio device driver in
the Linux kernel did not properly allocate memory, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2019-15211)

It was discovered at a double-free error existed in the USB Rio 500
device driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a
potential use-after-free. A physically proximate attacker could use
this to cause a denial of service (system crash) pro possibly execute
arbitrary code. (CVE-2019-15214)

It was discovered that a race condition existed in the CPiA2
video4linux device driver for the Linux kernel, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB
Prism54 device driver in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15220)

It was discovered that a use-after-free vulnerability existed in the
Appletalk implementation in the Linux kernel if an error occurs during
initialization. A local attacker could use this to cause a denial of
service (system crash). (CVE-2019-15292)

It was discovered that the Empia EM28xx DVB USB device driver
implementation in the Linux kernel contained a use-after-free
vulnerability when disconnecting the device. An attacker could use
this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in
the Linux kernel did not properly validate control bits, resulting in
an out of bounds buffer read. A local attacker could use this to
possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the
Linux kernel did not properly validate the BSS descriptor. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2019-3846)

Jason Wang discovered that an infinite loop vulnerability existed in
the virtio net driver in the Linux kernel. A local attacker in a guest
VM could possibly use this to cause a denial of service in the host
system. (CVE-2019-3900)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
discovered that the Bluetooth protocol BR/EDR specification did not
properly require sufficiently strong encryption key lengths. A
physicall proximate attacker could use this to expose sensitive
information. (CVE-2019-9506)

It was discovered that the Appletalk IP encapsulation driver in the
Linux kernel did not properly prevent kernel addresses from being
copied to user space. A local attacker with the CAP_NET_ADMIN
capability could use this to expose sensitive information.
(CVE-2018-20511)

It was discovered that a race condition existed in the USB YUREX
device driver in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15216)

It was discovered that the Siano USB MDTV receiver device driver in
the Linux kernel made improper assumptions about the device
characteristics. A physically proximate attacker could use this cause
a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux
kernel did not properly validate data size information from the
device. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15221)

Muyu Yu discovered that the CAN implementation in the Linux kernel in
some situations did not properly restrict the field size when
processing outgoing frames. A local attacker with CAP_NET_ADMIN
privileges could use this to execute arbitrary code. (CVE-2019-3701)

Vladis Dronov discovered that the debug interface for the Linux
kernel's HID subsystem did not properly validate passed parameters in
some situations. A local privileged attacker could use this to cause a
denial of service (infinite loop). (CVE-2019-3819).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4118-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-4.15-aws, linux-image-aws and / or
linux-image-aws-hwe packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4118-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1047.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1047.46")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe");
}
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1793.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Linux kernel before 5.1-rc5 allows page-i1/4z_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487) - A flaw was found in the Linux kernel
    last seen2020-05-06
    modified2019-08-12
    plugin id127564
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127564
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(127564);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");

  script_cve_id(
    "CVE-2019-11487",
    "CVE-2019-11833",
    "CVE-2019-11884",
    "CVE-2019-7222"
  );

  script_name(english:"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The Linux kernel before 5.1-rc5 allows
    page-i1/4z_refcount reference count overflow, with
    resultant use-after-free issues, if about 140 GiB of
    RAM exists. This is related to fs/fuse/dev.c,
    fs/pipe.c, fs/splice.c, include/linux/mm.h,
    include/linux/pipe_fs_i.h, kernel/trace/trace.c,
    mm/gup.c, and mm/hugetlb.c. It can occur with FUSE
    requests.(CVE-2019-11487)

  - A flaw was found in the Linux kernel's implementation
    of ext4 extent management. The kernel doesn't correctly
    initialize memory regions in the extent tree block
    which may be exported to a local user to obtain
    sensitive information by reading empty/uninitialized
    data from the filesystem.(CVE-2019-11833)

  - A flaw was found in the Linux kernel's implementation
    of the Bluetooth Human Interface Device Protocol
    (HIDP). A local attacker with access permissions to the
    Bluetooth device can issue an IOCTL which will trigger
    the do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c.c. This function can leak
    potentially sensitive information from the kernel stack
    memory via a HIDPCONNADD command because a name field
    may not be correctly NULL terminated.(CVE-2019-11884)

  - An information leakage issue was found in the way Linux
    kernel's KVM hypervisor handled page fault exceptions
    while emulating instructions like VMXON, VMCLEAR,
    VMPTRLD, and VMWRITE with memory address as an operand.
    It occurs if the operand is a mmio address, as the
    returned exception object holds uninitialized stack
    memory contents. A guest user/process could use this
    flaw to leak host's stack memory contents to a
    guest.(CVE-2019-7222)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1793
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7949efef");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-327.62.59.83.h167",
        "kernel-debug-3.10.0-327.62.59.83.h167",
        "kernel-debug-devel-3.10.0-327.62.59.83.h167",
        "kernel-debuginfo-3.10.0-327.62.59.83.h167",
        "kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h167",
        "kernel-devel-3.10.0-327.62.59.83.h167",
        "kernel-headers-3.10.0-327.62.59.83.h167",
        "kernel-tools-3.10.0-327.62.59.83.h167",
        "kernel-tools-libs-3.10.0-327.62.59.83.h167",
        "perf-3.10.0-327.62.59.83.h167",
        "python-perf-3.10.0-327.62.59.83.h167"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_KERNEL_ON_SL7_X.NASL
    description* kernel: out of bound read in DVB connexant driver. * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission * kernel: denial of service via ioctl call in network tun handling * kernel: usb: missing size check in the __usb_get_extra_descriptor() * kernel: perf_event_open() and execve() race in setuid programs allows a data leak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer dereference in hci_uart_set_flow_control * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service * kernel: use-after-free in arch/x86/lib/insn-eval.c * kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call * kernel: integer overflow and OOB read in drivers/block/floppy.c * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service * kernel: buffer-overflow hardening in WiFi beacon validation code. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to remote device tracking * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR * kernel: ASLR bypass for setuid binaries due to late install_exec_creds()
    last seen2020-04-30
    modified2020-04-21
    plugin id135813
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135813
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20200407)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(135813);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id("CVE-2015-9289", "CVE-2017-17807", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11190", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-18660", "CVE-2019-3901", "CVE-2019-9503");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"* kernel: out of bound read in DVB connexant driver. * kernel: Missing
permissions check for request_key() destination allows local attackers
to add keys to keyring without Write permission * kernel: denial of
service via ioctl call in network tun handling * kernel: usb: missing
size check in the __usb_get_extra_descriptor() * kernel:
perf_event_open() and execve() race in setuid programs allows a data
leak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer
dereference in hci_uart_set_flow_control * kernel: sensitive
information disclosure from kernel stack memory via HIDPCONNADD
command * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware
leads to denial of service * kernel: use-after-free in
arch/x86/lib/insn-eval.c * kernel: denial of service in
arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c
via sigreturn() system call * kernel: integer overflow and OOB read in
drivers/block/floppy.c * kernel: memory leak in
register_queue_kobjects() in net/core/net-sysfs.c leads to denial of
service * kernel: buffer-overflow hardening in WiFi beacon validation
code. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to
information exposure * kernel: oob memory read in hso_probe in
drivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to
remote device tracking * Kernel: net: using kernel space address bits
to derive IP ID may potentially break KASLR * kernel: ASLR bypass for
setuid binaries due to late install_exec_creds()"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=7067
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a4f1bf88"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9503");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-debuginfo-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-1127.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-1127.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc");
}
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3517.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-15
    modified2019-11-06
    plugin id130547
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130547
    titleRHEL 8 : kernel (RHSA-2019:3517)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2019:3517. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130547);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");

  script_cve_id("CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-11669");
  script_xref(name:"RHSA", value:"2019:3517");

  script_name(english:"RHEL 8 : kernel (RHSA-2019:3517)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* Kernel: vhost_net: infinite loop while receiving packets leads to
DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks
(KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: Information Disclosure in crypto_report_one in
crypto/crypto_user.c (CVE-2018-19854)

* kernel: usb: missing size check in the __usb_get_extra_descriptor()
leading to DoS (CVE-2018-20169)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)

* kernel: Heap address information leak while using
L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: SCTP socket buffer memory leak leading to denial of service
(CVE-2019-3874)

* kernel: denial of service vector through vfio DMA mappings
(CVE-2019-3882)

* kernel: NULL pointer dereference in hci_uart_set_flow_control
(CVE-2019-10207)

* kernel: fix race condition between mmget_not_zero()/get_task_mm()
and core dumping (CVE-2019-11599)

* kernel: fs/ext4/extents.c leads to information disclosure
(CVE-2019-11833)

* kernel: sensitive information disclosure from kernel stack memory
via HIDPCONNADD command (CVE-2019-11884)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: memory leak in register_queue_kobjects() in
net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: Linux stack ASLR implementation Integer overflow
(CVE-2015-1593)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
(CVE-2018-19985)

* Kernel: KVM: leak of uninitialized stack contents to guest
(CVE-2019-7222)

* Kernel: net: weak IP ID generation leads to remote device tracking
(CVE-2019-10638)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section."
  );
  # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?774148ae"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2019:3517"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-1593"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-16884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-19854"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-19985"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-20169"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3874"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-5489"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-7222"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-9506"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-10126"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-10207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-10638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-11599"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-11833"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-11884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-12382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-13233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-14821"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15666"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15916"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15921"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15924"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-16994"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10126");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-11669");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2019:3517");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2019:3517";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"bpftool-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"bpftool-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", reference:"kernel-abi-whitelists-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-core-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-core-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-cross-headers-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-cross-headers-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-core-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-core-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-modules-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-modules-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-modules-extra-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-modules-extra-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debuginfo-common-aarch64-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", reference:"kernel-doc-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-headers-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-headers-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-modules-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-modules-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-modules-extra-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-modules-extra-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-tools-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-libs-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-tools-libs-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-libs-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-core-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-devel-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-modules-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-modules-extra-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"perf-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"perf-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"python3-perf-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"python3-perf-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;
  if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc");
  }
}
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0740.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: powerpc: local user can read vector registers of other users
    last seen2020-03-18
    modified2020-03-10
    plugin id134361
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134361
    titleRHEL 7 : kernel-alt (RHSA-2020:0740)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2020:0740. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(134361);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460");
  script_xref(name:"RHSA", value:"2020:0740");

  script_name(english:"RHEL 7 : kernel-alt (RHSA-2020:0740)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel-alt is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es) :

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c
in the Linux kernel lacks a certain upper-bound check, leading to a
buffer overflow (CVE-2019-17666)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS
message sequence (CVE-2018-16871)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)

* kernel: Heap address information leak while using
L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: sensitive information disclosure from kernel stack memory
via HIDPCONNADD command (CVE-2019-11884)

* kernel: powerpc: local user can read vector registers of other
users' processes via a Facility Unavailable exception (CVE-2019-15030)

* kernel: memory leak in register_queue_kobjects() in
net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: integer overflow in tcp_ack_update_rtt in
net/ipv4/tcp_input.c (CVE-2019-18805)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Bug Fix(es) :

* lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot
when connected to FC switch (BZ#1623205)

* kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)

* RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use
d_find_any_alias() instead of d_find_alias() (BZ#1711934)

* Backport 'fs/dcache.c: add cond_resched() in shrink_dentry_list()'
(32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)

* [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed
iova address (BZ#1780500)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2020:0740"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-16871"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-3460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-11884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15030"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-15916"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-17666"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2019-18805"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0740");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2020:0740";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", reference:"kernel-doc-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-4.14.0-115.18.1.el7a")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-4.14.0-115.18.1.el7a")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
  }
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1692-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may have been able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id126240
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126240
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1692-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(126240);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2018-17972", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to
receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-11477: A sequence of SACKs may have been crafted by a remote
attacker such that one can trigger an integer overflow, leading to a
kernel panic. (bsc#1137586).

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which would fragment the TCP retransmission queue. A remote attacker
may have been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: It was possible to send a crafted sequence of SACKs
which would fragment the RACK send map. A remote attacker may have
been able to further exploit the fragmented send map to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection. This would have resulted in excess resource
consumption due to low mss values.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bnc#1136424)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may have been possible,
as demonstrated by latency differences in accessing public files from
an Apache HTTP Server. (bnc#1120843)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might have
allowed local users to obtain sensitive information by reading
uninitialized data in the filesystem. (bnc#1135281)

CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
setuid programs (such as /bin/su) because install_exec_creds() is
called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
ptrace_may_access() check has a race condition when reading
/proc/pid/stat. (bnc#1131543)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a HIDPCONNADD command, because a name field may not end with a '\0'
character. (bnc#1134848)

CVE-2018-17972: An issue was discovered in the proc_pid_stack function
in fs/proc/base.c in the Linux kernel It did not ensure that only root
may inspect the kernel stack of an arbitrary task, allowing a local
attacker to exploit racy stack unwinding and leak kernel task stack
contents. (bnc#1110785)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1090078"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125931"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131587"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136446"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-17972/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11190/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191692-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a20de32a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2019-1692=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2019-1692=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_154-xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_154-default-1-1.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_154-xen-1-1.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.61-52.154.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.61-52.154.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1550-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699, CVE-2019-10124). CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bbsc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc##1111331) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-06-19
    plugin id126045
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126045
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1550-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(126045);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/11");

  script_cve_id("CVE-2017-5753", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16880", "CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11091", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-8564", "CVE-2019-9003", "CVE-2019-9500", "CVE-2019-9503");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2019-12819: The function __mdiobus_register() called put_device(),
which triggered a fixed_mdio_bus_init use-after-free. This would cause
a denial of service. (bsc#1138291)

CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller does not check
for this, it will trigger a NULL pointer dereference. This will cause
denial of service. This used to affect nfc_llcp_build_gb in
net/nfc/llcp_core.c. (bsc#1138293)

CVE-2019-11477: A sequence of SACKs may have been crafted such that
one can trigger an integer overflow, leading to a kernel panic.

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which will fragment the TCP retransmission queue. An attacker may have
been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: An attacker could force the Linux kernel to segment
its responses into multiple TCP segments. This would drastically
increased the bandwidth required to deliver the same amount of data.
Further, it would consume additional resources such as CPU and NIC
processing power.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bsc#1136424)

CVE-2019-10124: An issue was discovered in the hwpoison implementation
in mm/memory-failure.c in the Linux kernel. When
soft_offline_in_use_page() runs on a thp tail page after pmd is split,
an attacker could cause a denial of service (bsc#1130699,
CVE-2019-10124).

CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an
unchecked kstrdup of fwstr, which might allow an attacker to cause a
denial of service (NULL pointer dereference and system crash).
(bsc#1136586)

CVE-2019-11487: The Linux kernel allowed page reference count
overflow, with resultant use-after-free issues, if about 140 GiB of
RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c,
mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests.
(bbsc#1133190)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may be possible, as
demonstrated by latency differences in accessing public files from an
Apache HTTP Server. (bsc#1120843)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might allow
local users to obtain sensitive information by reading uninitialized
data in the filesystem. (bsc#1135281)

CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM): Uncacheable memory on some microprocessors utilizing
speculative execution may have allowed an authenticated user to
potentially enable information disclosure via a side channel with
local access. A list of impacted products can be found here :

https://www.intel.com/content/dam/www/public/us/en/documents/corporate
-info rmation/SA00233-microcode-update-guidance_05132019.
(bsc##1111331) CVE-2018-7191: In the tun subsystem in the Linux
kernel, dev_get_valid_name was not called before register_netdevice.
This allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bsc#1135603)

CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store
Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors
utilizing speculative execution which may have allowed an
authenticated user to potentially enable information disclosure via a
side channel with local access. A list of impacted products can be
found here :

https://www.intel.com/content/dam/www/public/us/en/documents/corporate
-info rmation/SA00233-microcode-update-guidance_05132019.
(bsc#1103186) CVE-2019-11085: Insufficient input validation in Kernel
Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an
authenticated user to potentially enable escalation of privilege via
local access. (bsc#1135278)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c in the Linux kernel There was a race condition leading
to a use-after-free, related to net namespace cleanup. (bsc#1135278)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a hidPCONNADD command, because a name field may not end with a '\0'
character. (bsc#1134848)

CVE-2019-11811: An issue was discovered in the Linux kernel There was
a use-after-free upon attempted read access to /proc/ioports after the
ipmi_si module was removed, related to
drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c,
and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397)

CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel has multiple race
conditions. (bsc#1133188)

CVE-2019-9003: In the Linux kernel, attackers could trigger a
drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by
arranging for certain simultaneous execution of the code, as
demonstrated by a 'service ipmievd restart' loop. (bsc#1126704)

CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx()
function in the [vhost_net] driver. A malicious virtual guest, under
specific conditions, could trigger an out-of-bounds write in a
kmalloc-8 slab on a virtual host which may have lead to a kernel
memory corruption and a system panic. Due to the nature of the flaw,
privilege escalation cannot be fully ruled out.(bsc#1122767)

CVE-2019-9503: An issue was discoved which meant that brcmfmac frame
validation could be bypassed. (bsc#1132828)

CVE-2019-9500: An issue was discovered that lead to brcmfmac heap
buffer overflow. (bsc#1132681)

CVE-2019-8564: An issue was discoved which meant that brcmfmac frame
validation could be bypassed. (bsc#1132673)

CVE-2017-5753: Systems with microprocessors utilizing speculative
execution and branch prediction may have allowed unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis.

CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface
implementation that permitted violation of the user's locked memory
limit. If a device was bound to a vfio driver, such as vfio-pci, and
the local attacker is administratively granted ownership of the
device, it may have caused a system memory exhaustion and thus a
denial of service (DoS). (bsc#1131427)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050549"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1052904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055117"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1055186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1058115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1061840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064802"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1066129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1070872"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1075020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1086657"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1088804"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1093389"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097583"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097585"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097587"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1097588"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103259"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108193"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111666"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112128"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113956"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115688"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117114"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117158"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118139"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120091"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120318"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120423"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122767"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126704"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128415"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128544"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128971"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130195"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130425"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130567"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131326"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131467"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131530"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131587"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131934"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132219"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132368"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132370"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132397"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132403"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132407"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132411"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132414"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132426"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132558"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132563"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132570"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132571"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132589"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132726"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132943"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132982"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133005"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133149"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133176"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133486"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133529"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133593"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133667"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133672"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133674"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133698"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133702"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133731"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133778"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133779"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133825"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133850"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134090"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134199"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134200"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134397"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134607"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134936"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134949"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134950"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134951"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134952"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134953"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134974"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134975"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134983"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134994"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134998"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134999"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135007"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135008"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135018"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135021"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135026"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135027"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135029"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135034"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135035"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135037"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135038"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135039"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135041"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135045"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135046"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135047"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135049"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135051"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135309"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135312"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135314"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135330"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135758"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136215"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136345"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136432"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136456"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136469"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136498"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136881"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137151"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137232"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137236"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137429"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137444"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1138291"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293"
  );
  # https://www.intel.com/content/dam/www/public/us/en/documents/corporate-info
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?64f2f453"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-5753/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12126/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12127/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12130/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-16880/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7191/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10124/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11085/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11091/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11486/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11487/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11811/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12382/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12818/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12819/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3882/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-8564/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-9003/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-9500/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-9503/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191550-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?df668b6f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch
SUSE-SLE-Product-WE-15-SP1-2019-1550=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools
15-SP1:zypper in -t patch
SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1550=1

SUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t
patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1550=1

SUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t
patch SUSE-SLE-Module-Legacy-15-SP1-2019-1550=1

SUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t
patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1550=1

SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-SP1-2019-1550=1

SUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch
SUSE-SLE-Product-HA-15-SP1-2019-1550=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-default-livepatch-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-man-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-default-man-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-qa-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kselftests-kmp-default-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kselftests-kmp-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"reiserfs-kmp-default-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"reiserfs-kmp-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-build-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-build-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-syms-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-default-livepatch-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-man-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-default-man-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-qa-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-livepatch-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kselftests-kmp-default-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kselftests-kmp-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-build-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-build-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-syms-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-base-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-base-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-devel-4.12.14-197.4.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-devel-debuginfo-4.12.14-197.4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1530-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125992
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125992
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1530-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(125992);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/10");

  script_cve_id("CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11487", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2019-11477: A sequence of SACKs may have been crafted such that
one can trigger an integer overflow, leading to a kernel panic.

CVE-2019-11478: It was possible to send a crafted sequence of SACKs
which will fragment the TCP retransmission queue. An attacker may have
been able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received for that same
TCP connection.

CVE-2019-11479: An attacker could force the Linux kernel to segment
its responses into multiple TCP segments. This would drastically
increased the bandwidth required to deliver the same amount of data.
Further, it would consume additional resources such as CPU and NIC
processing power.

CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
possibly escalate privileges was found in the mwifiex kernel module
while connecting to a malicious wireless network. (bnc#1136424)

CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an
unchecked kstrdup of fwstr, which might have allowed an attacker to
cause a denial of service (NULL pointer dereference and system crash).
(bnc#1136586)

CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
Linux kernel allowed local attackers to observe page cache access
patterns of other processes on the same system, potentially allowing
sniffing of secret information. (Fixing this affects the output of the
fincore program.) Limited remote exploitation may have been possible,
as demonstrated by latency differences in accessing public files from
an Apache HTTP Server. (bnc#1120843)

CVE-2019-11487: The Linux kernel allowed page reference count
overflow, with resultant use-after-free issues, if about 140 GiB of
RAM existed. It could have occured with FUSE requests. (bnc#1133190)

CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
the unused memory region in the extent tree block, which might have
allowed local users to obtain sensitive information by reading
uninitialized data in the filesystem. (bnc#1135281)

CVE-2018-7191: In the tun subsystem in the Linux kernel,
dev_get_valid_name was not called before register_netdevice. This
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bnc#1135603)

CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in
i915 Graphics for Linux may have allowed an authenticated user to
potentially enable escalation of privilege via local access.
(bnc#1135278)

CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
net/rds/tcp.c in the Linux kernel There was a race condition leading
to a use-after-free, related to net namespace cleanup. (bnc#1134537)

CVE-2019-11884: The do_hidp_sock_ioctl function in
net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
obtain potentially sensitive information from kernel stack memory via
a hidPCONNADD command, because a name field may not end with a '\0'
character. (bnc#1134848)

CVE-2019-11486: The Siemens R3964 line discipline driver in
drivers/tty/n_r3964.c in the Linux kernel had multiple race
conditions. (bnc#1133188)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1050242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1056787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1058115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1064802"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1066129"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1068546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1075020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1082387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1111696"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1114893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1115688"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117158"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1118139"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1119843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120091"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120423"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120566"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124503"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1124839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128905"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1129857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130409"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130699"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1131673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1132894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133176"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134199"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134200"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134203"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134460"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134607"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134936"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135006"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135007"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135008"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135309"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135312"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135314"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135316"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135330"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135758"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136428"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136432"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136435"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136478"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136881"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137151"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137372"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137444"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-7191/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10124/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11085/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11478/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11479/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11486/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11487/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11884/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-12382/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3846/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-5489/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191530-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fa540a2e"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch
SUSE-SLE-WE-12-SP4-2019-1530=1

SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
patch SUSE-SLE-SDK-12-SP4-2019-1530=1

SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2019-1530=1

SUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch
SUSE-SLE-Live-Patching-12-SP4-2019-1530=1

SUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch
SUSE-SLE-HA-12-SP4-2019-1530=1

SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2019-1530=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", cpu:"s390x", reference:"kernel-default-man-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-base-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-base-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-debugsource-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-default-devel-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"kernel-syms-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-debugsource-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-devel-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-extra-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.12.14-95.19.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"kernel-syms-4.12.14-95.19.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1479.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-7191: In the tun subsystem dev_get_valid_name xwas not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343 (bnc#1135603). - CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135278). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel had multiple race conditions (bnc#1133188). It was disabled by default. - CVE-2019-11811: There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397). - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537). - CVE-2019-11833: fs/ext4/extents.c did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem (bnc#1135281). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125667
    published2019-06-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125667
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1479.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(125667);
  script_version("1.3");
  script_cvs_date("Date: 2020/01/13");

  script_cve_id("CVE-2013-4343", "CVE-2018-7191", "CVE-2019-11085", "CVE-2019-11486", "CVE-2019-11811", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3882", "CVE-2019-5489", "CVE-2019-9500", "CVE-2019-9503");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)");
  script_summary(english:"Check for the openSUSE-2019-1479 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 15.1 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

  - CVE-2018-7191: In the tun subsystem dev_get_valid_name
    xwas not called before register_netdevice. This allowed
    local users to cause a denial of service (NULL pointer
    dereference and panic) via an ioctl(TUNSETIFF) call with
    a dev name containing a / character. This is similar to
    CVE-2013-4343 (bnc#1135603).

  - CVE-2019-11085: Insufficient input validation in Kernel
    Mode Driver in Intel(R) i915 Graphics for Linux may have
    allowed an authenticated user to potentially enable
    escalation of privilege via local access (bnc#1135278).

  - CVE-2019-11486: The Siemens R3964 line discipline driver
    in drivers/tty/n_r3964.c in the Linux kernel had
    multiple race conditions (bnc#1133188). It was disabled
    by default.

  - CVE-2019-11811: There is a use-after-free upon attempted
    read access to /proc/ioports after the ipmi_si module is
    removed, related to drivers/char/ipmi/ipmi_si_intf.c,
    drivers/char/ipmi/ipmi_si_mem_io.c, and
    drivers/char/ipmi/ipmi_si_port_io.c (bnc#1134397).

  - CVE-2019-11815: An issue was discovered in
    rds_tcp_kill_sock in net/rds/tcp.c kernel. There is a
    race condition leading to a use-after-free, related to
    net namespace cleanup (bnc#1134537).

  - CVE-2019-11833: fs/ext4/extents.c did not zero out the
    unused memory region in the extent tree block, which
    might allow local users to obtain sensitive information
    by reading uninitialized data in the filesystem
    (bnc#1135281).

  - CVE-2019-11884: The do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c allowed a local user to obtain
    potentially sensitive information from kernel stack
    memory via a HIDPCONNADD command, because a name field
    may not end with a '\0' character (bnc#1134848).

  - CVE-2019-3882: A flaw was found in the vfio interface
    implementation that permits violation of the user's
    locked memory limit. If a device is bound to a vfio
    driver, such as vfio-pci, and the local attacker is
    administratively granted ownership of the device, it may
    cause a system memory exhaustion and thus a denial of
    service (DoS). (bnc#1131416 bnc#1131427).

  - CVE-2019-5489: The mincore() implementation in
    mm/mincore.c allowed local attackers to observe page
    cache access patterns of other processes on the same
    system, potentially allowing sniffing of secret
    information. (Fixing this affects the output of the
    fincore program.) Limited remote exploitation may be
    possible, as demonstrated by latency differences in
    accessing public files from an Apache HTTP Server
    (bnc#1120843).

  - CVE-2019-9500: A brcmfmac heap buffer overflow in
    brcmf_wowl_nd_results was fixed (bnc#1132681).

  - CVE-2019-9503: Multiple brcmfmac frame validation
    bypasses have been fixed (bnc#1132828).

The following non-security bugs were fixed :

  - 9p: do not trust pdu content for stat item size
    (bsc#1051510).

  - 9p locks: add mount option for lock retry interval
    (bsc#1051510).

  - acpi: Add Hygon Dhyana support ().

  - acpi: Add Hygon Dhyana support (fate#327735).

  - acpi: button: reinitialize button state upon resume
    (bsc#1051510).

  - acpiCA: AML interpreter: add region addresses in global
    list during initialization (bsc#1051510).

  - acpiCA: Namespace: remove address node from global list
    after method termination (bsc#1051510).

  - acpi, nfit: Prefer _DSM over _LSR for namespace label
    reads (bsc#112128) (bsc#1132426).

  - acpi: PM: Set enable_for_wake for wakeup GPEs during
    suspend-to-idle (bsc#1111666).

  - acpi: property: restore _DSD data subnodes GUID comment
    (bsc#1111666).

  - acpi / SBS: Fix GPE storm on recent MacBookPro's
    (bsc#1051510).

  - acpi / utils: Drop reference in test for device presence
    (bsc#1051510).

  - alsa: core: Do not refer to snd_cards array directly
    (bsc#1051510).

  - alsa: core: Fix card races between register and
    disconnect (bsc#1051510).

  - alsa: emu10k1: Drop superfluous id-uniquification
    behavior (bsc#1051510).

  - alsa: hda - Add two more machines to the
    power_save_blacklist (bsc#1051510).

  - alsa: hda/hdmi - Consider eld_valid when reporting jack
    event (bsc#1051510).

  - alsa: hda/hdmi - Read the pin sense from register when
    repolling (bsc#1051510).

  - alsa: hda: Initialize power_state field properly
    (bsc#1051510).

  - alsa: hda/realtek - Add new Dell platform for headset
    mode (bsc#1051510).

  - alsa: hda/realtek - add two more pin configuration sets
    to quirk table (bsc#1051510).

  - alsa: hda/realtek - Apply the fixup for ASUS Q325UAR
    (bsc#1051510).

  - alsa: hda/realtek - Avoid superfluous COEF EAPD setups
    (bsc#1051510).

  - alsa: hda/realtek - Corrected fixup for System76 Gazelle
    (gaze14) (bsc#1051510).

  - alsa: hda/realtek - EAPD turn on later (bsc#1051510).

  - alsa: hda/realtek: Enable headset MIC of Acer TravelMate
    B114-21 with ALC233 (bsc#1111666).

  - alsa: hda/realtek - Fixed Dell AIO speaker noise
    (bsc#1051510).

  - alsa: hda/realtek - Fix for Lenovo B50-70 inverted
    internal microphone bug (bsc#1051510).

  - alsa: hda/realtek - Fixup headphone noise via runtime
    suspend (bsc#1051510).

  - alsa: hda/realtek - Move to ACT_INIT state
    (bsc#1111666).

  - alsa: hda/realtek - Support low power consumption for
    ALC256 (bsc#1051510).

  - alsa: hda/realtek - Support low power consumption for
    ALC295 (bsc#1051510).

  - alsa: hda - Register irq handler after the chip
    initialization (bsc#1051510).

  - alsa: hda - Use a macro for snd_array iteration loops
    (bsc#1051510).

  - alsa: hdea/realtek - Headset fixup for System76 Gazelle
    (gaze14) (bsc#1051510).

  - alsa: info: Fix racy addition/deletion of nodes
    (bsc#1051510).

  - alsa: line6: Avoid polluting led_* namespace
    (bsc#1051510).

  - alsa: line6: use dynamic buffers (bsc#1051510).

  - alsa: PCM: check if ops are defined before suspending
    PCM (bsc#1051510).

  - alsa: seq: Align temporary re-locking with irqsave
    version (bsc#1051510).

  - alsa: seq: Correct unlock sequence at
    snd_seq_client_ioctl_unlock() (bsc#1051510).

  - alsa: seq: Cover unsubscribe_port() in list_mutex
    (bsc#1051510).

  - alsa: seq: Fix OOB-reads from strlcpy (bsc#1051510).

  - alsa: seq: Fix race of get-subscription call vs
    port-delete ioctls (bsc#1051510).

  - alsa: seq: Protect in-kernel ioctl calls with mutex
    (bsc#1051510).

  - alsa: seq: Protect racy pool manipulation from OSS
    sequencer (bsc#1051510).

  - alsa: seq: Remove superfluous irqsave flags
    (bsc#1051510).

  - alsa: seq: Simplify snd_seq_kernel_client_enqueue()
    helper (bsc#1051510).

  - alsa: timer: Check ack_list emptiness instead of bit
    flag (bsc#1051510).

  - alsa: timer: Coding style fixes (bsc#1051510).

  - alsa: timer: Make snd_timer_close() really kill pending
    actions (bsc#1051510).

  - alsa: timer: Make sure to clear pending ack list
    (bsc#1051510).

  - alsa: timer: Revert active callback sync check at close
    (bsc#1051510).

  - alsa: timer: Simplify error path in snd_timer_open()
    (bsc#1051510).

  - alsa: timer: Unify timer callback process code
    (bsc#1051510).

  - alsa: usb-audio: Fix a memory leak bug (bsc#1051510).

  - alsa: usb-audio: Handle the error from
    snd_usb_mixer_apply_create_quirk() (bsc#1051510).

  - alsa: usx2y: fix a double free bug (bsc#1051510).

  - appletalk: Fix compile regression (bsc#1051510).

  - appletalk: Fix use-after-free in atalk_proc_exit
    (bsc#1051510).

  - ARM: 8824/1: fix a migrating irq bug when hotplug cpu
    (bsc#1051510).

  - ARM: 8833/1: Ensure that NEON code always compiles with
    Clang (bsc#1051510).

  - ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
    (bsc#1051510).

  - ARM: 8840/1: use a raw_spinlock_t in unwind
    (bsc#1051510).

  - ARM: avoid Cortex-A9 livelock on tight dmb loops
    (bsc#1051510).

  - ARM: imx6q: cpuidle: fix bug that CPU might not wake up
    at expected time (bsc#1051510).

  - ARM: OMAP2+: fix lack of timer interrupts on CPU1 after
    hotplug (bsc#1051510).

  - ARM: OMAP2+: Variable 'reg' in function
    omap4_dsi_mux_pads() could be uninitialized
    (bsc#1051510).

  - ARM: pxa: ssp: unneeded to free devm_ allocated data
    (bsc#1051510).

  - ARM: s3c24xx: Fix boolean expressions in
    osiris_dvs_notify (bsc#1051510).

  - ARM: samsung: Limit SAMSUNG_PM_CHECK config option to
    non-Exynos platforms (bsc#1051510).

  - ASoC: cs4270: Set auto-increment bit for register writes
    (bsc#1051510).

  - ASoC: fix valid stream condition (bsc#1051510).

  - ASoC: fsl-asoc-card: fix object reference leaks in
    fsl_asoc_card_probe (bsc#1051510).

  - ASoC: fsl_esai: fix channel swap issue when stream
    starts (bsc#1051510).

  - ASoC: fsl_esai: Fix missing break in switch statement
    (bsc#1051510).

  - ASoC: hdmi-codec: fix S/PDIF DAI (bsc#1051510).

  - ASoC: Intel: avoid Oops if DMA setup fails
    (bsc#1051510).

  - ASoC: max98090: Fix restore of DAPM Muxes (bsc#1051510).

  - ASoC: nau8810: fix the issue of widget with prefixed
    name (bsc#1051510).

  - ASoC: nau8824: fix the issue of the widget with prefix
    name (bsc#1051510).

  - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    (bsc#1051510).

  - ASoC: samsung: odroid: Fix clock configuration for 44100
    sample rate (bsc#1051510).

  - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    (bsc#1051510).

  - ASoC: stm32: fix sai driver name initialisation
    (bsc#1051510).

  - ASoC: tlv320aic32x4: Fix Common Pins (bsc#1051510).

  - ASoC: topology: free created components in tplg load
    error (bsc#1051510).

  - ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
    (bsc#1051510).

  - assume flash part size to be 4MB, if it can't be
    determined (bsc#1127371).

  - at76c50x-usb: Do not register led_trigger if
    usb_register_driver failed (bsc#1051510).

  - ath10k: avoid possible string overflow (bsc#1051510).

  - ath10k: snoc: fix unbalanced clock error handling
    (bsc#1111666).

  - audit: fix a memleak caused by auditing load module
    (bsc#1051510).

  - b43: shut up clang -Wuninitialized variable warning
    (bsc#1051510).

  - backlight: lm3630a: Return 0 on success in update_status
    functions (bsc#1051510).

  - batman-adv: Reduce claim hash refcnt only for removed
    entry (bsc#1051510).

  - batman-adv: Reduce tt_global hash refcnt only for
    removed entry (bsc#1051510).

  - batman-adv: Reduce tt_local hash refcnt only for removed
    entry (bsc#1051510).

  - bcache: account size of buckets used in uuid write to
    ca->meta_sectors_written (bsc#1130972).

  - bcache: add a comment in super.c (bsc#1130972).

  - bcache: add code comments for bset.c (bsc#1130972).

  - bcache: add comment for cache_set->fill_iter
    (bsc#1130972).

  - bcache: add identifier names to arguments of function
    definitions (bsc#1130972).

  - bcache: add missing SPDX header (bsc#1130972).

  - bcache: add MODULE_DESCRIPTION information
    (bsc#1130972).

  - bcache: add separate workqueue for journal_write to
    avoid deadlock (bsc#1130972).

  - bcache: add static const prefix to char * array
    declarations (bsc#1130972).

  - bcache: add sysfs_strtoul_bool() for setting bit-field
    variables (bsc#1130972).

  - bcache: add the missing comments for smp_mb()/smp_wmb()
    (bsc#1130972).

  - bcache: cannot set writeback_running via sysfs if no
    writeback kthread created (bsc#1130972).

  - bcache: correct dirty data statistics (bsc#1130972).

  - bcache: do not assign in if condition in bcache_init()
    (bsc#1130972).

  - bcache: do not assign in if condition register_bcache()
    (bsc#1130972).

  - bcache: do not check if debug dentry is ERR or NULL
    explicitly on remove (bsc#1130972).

  - bcache: do not check NULL pointer before calling
    kmem_cache_destroy (bsc#1130972).

  - bcache: do not clone bio in bch_data_verify
    (bsc#1130972).

  - bcache: do not mark writeback_running too early
    (bsc#1130972).

  - bcache: export backing_dev_name via sysfs (bsc#1130972).

  - bcache: export backing_dev_uuid via sysfs (bsc#1130972).

  - bcache: fix code comments style (bsc#1130972).

  - bcache: fix indentation issue, remove tabs on a hunk of
    code (bsc#1130972).

  - bcache: fix indent by replacing blank by tabs
    (bsc#1130972).

  - bcache: fix input integer overflow of congested
    threshold (bsc#1130972).

  - bcache: fix input overflow to cache set io_error_limit
    (bsc#1130972).

  - bcache: fix input overflow to cache set sysfs file
    io_error_halflife (bsc#1130972).

  - bcache: fix input overflow to journal_delay_ms
    (bsc#1130972).

  - bcache: fix input overflow to sequential_cutoff
    (bsc#1130972).

  - bcache: fix input overflow to writeback_delay
    (bsc#1130972).

  - bcache: fix input overflow to writeback_rate_minimum
    (bsc#1130972).

  - bcache: fix ioctl in flash device (bsc#1130972).

  - bcache: fix mistaken code comments in bcache.h
    (bsc#1130972).

  - bcache: fix mistaken comments in request.c
    (bsc#1130972).

  - bcache: fix potential div-zero error of
    writeback_rate_i_term_inverse (bsc#1130972).

  - bcache: fix potential div-zero error of
    writeback_rate_p_term_inverse (bsc#1130972).

  - bcache: fix typo in code comments of
    closure_return_with_destructor() (bsc#1130972).

  - bcache: fix typo 'succesfully' to 'successfully'
    (bsc#1130972).

  - bcache: improve sysfs_strtoul_clamp() (bsc#1130972).

  - bcache: introduce force_wake_up_gc() (bsc#1130972).

  - bcache: make cutoff_writeback and cutoff_writeback_sync
    tunable (bsc#1130972).

  - bcache: Move couple of functions to sysfs.c
    (bsc#1130972).

  - bcache: Move couple of string arrays to sysfs.c
    (bsc#1130972).

  - bcache: move open brace at end of function definitions
    to next line (bsc#1130972).

  - bcache: never writeback a discard operation
    (bsc#1130972).

  - bcache: not use hard coded memset size in
    bch_cache_accounting_clear() (bsc#1130972).

  - bcache: option to automatically run gc thread after
    writeback (bsc#1130972).

  - bcache: panic fix for making cache device (bsc#1130972).

  - bcache: Populate writeback_rate_minimum attribute
    (bsc#1130972).

  - bcache: prefer 'help' in Kconfig (bsc#1130972).

  - bcache: print number of keys in
    trace_bcache_journal_write (bsc#1130972).

  - bcache: recal cached_dev_sectors on detach
    (bsc#1130972).

  - bcache: remove unnecessary space before ioctl function
    pointer arguments (bsc#1130972).

  - bcache: remove unused bch_passthrough_cache
    (bsc#1130972).

  - bcache: remove useless parameter of bch_debug_init()
    (bsc#1130972).

  - bcache: Replace bch_read_string_list() by
    __sysfs_match_string() (bsc#1130972).

  - bcache: replace hard coded number with BUCKET_GC_GEN_MAX
    (bsc#1130972).

  - bcache: replace '%pF' by '%pS' in seq_printf()
    (bsc#1130972).

  - bcache: replace printk() by pr_*() routines
    (bsc#1130972).

  - bcache: replace Symbolic permissions by octal permission
    numbers (bsc#1130972).

  - bcache: set writeback_percent in a flexible range
    (bsc#1130972).

  - bcache: split combined if-condition code into separate
    ones (bsc#1130972).

  - bcache: stop bcache device when backing device is
    offline (bsc#1130972).

  - bcache: stop using the deprecated get_seconds()
    (bsc#1130972).

  - bcache: style fixes for lines over 80 characters
    (bsc#1130972).

  - bcache: style fix to add a blank line after declarations
    (bsc#1130972).

  - bcache: style fix to replace 'unsigned' by 'unsigned
    int' (bsc#1130972).

  - bcache: treat stale && dirty keys as bad keys
    (bsc#1130972).

  - bcache: trivial - remove tailing backslash in macro
    BTREE_FLAG (bsc#1130972).

  - bcache: update comment for bch_data_insert
    (bsc#1130972).

  - bcache: update comment in sysfs.c (bsc#1130972).

  - bcache: use MAX_CACHES_PER_SET instead of magic number 8
    in __bch_bucket_alloc_set (bsc#1130972).

  - bcache: use (REQ_META|REQ_PRIO) to indicate bio for
    metadata (bsc#1130972).

  - bcache: use REQ_PRIO to indicate bio for metadata
    (bsc#1130972).

  - bcache: use routines from lib/crc64.c for CRC64
    calculation (bsc#1130972).

  - bcache: use sysfs_strtoul_bool() to set bit-field
    variables (bsc#1130972).

  - bcm2835: MMC issues (bsc#1070872).

  - blkcg: Introduce blkg_root_lookup() (bsc#1131673).

  - blkcg: Make blkg_root_lookup() work for queues in bypass
    mode (bsc#1131673).

  - blk-mq: adjust debugfs and sysfs register when updating
    nr_hw_queues (bsc#1131673).

  - blk-mq: Avoid that submitting a bio concurrently with
    device removal triggers a crash (bsc#1131673).

  - blk-mq: change gfp flags to GFP_NOIO in
    blk_mq_realloc_hw_ctxs (bsc#1131673).

  - blk-mq: fallback to previous nr_hw_queues when updating
    fails (bsc#1131673).

  - blk-mq: init hctx sched after update ctx and hctx
    mapping (bsc#1131673).

  - blk-mq: realloc hctx when hw queue is mapped to another
    node (bsc#1131673).

  - blk-mq: sync the update nr_hw_queues with
    blk_mq_queue_tag_busy_iter (bsc#1131673).

  - block: check_events: do not bother with events if
    unsupported (bsc#1110946, bsc#1119843).

  - block: check_events: do not bother with events if
    unsupported (bsc#1110946, bsc#1119843).

  - block: disk_events: introduce event flags (bsc#1110946,
    bsc#1119843).

  - block: disk_events: introduce event flags (bsc#1110946,
    bsc#1119843).

  - block: do not leak memory in bio_copy_user_iov()
    (bsc#1135309).

  - block: Ensure that a request queue is dissociated from
    the cgroup controller (bsc#1131673).

  - block: Fix a race between request queue removal and the
    block cgroup controller (bsc#1131673).

  - block: fix the return errno for direct IO (bsc#1135320).

  - block: fix use-after-free on gendisk (bsc#1135312).

  - block: Introduce blk_exit_queue() (bsc#1131673).

  - block: kABI fixes for bio_rewind_iter() removal
    (bsc#1131673).

  - block: remove bio_rewind_iter() (bsc#1131673).

  - Bluetooth: Align minimum encryption key size for LE and
    BR/EDR connections (bsc#1051510).

  - Bluetooth: btusb: request wake pin with NOAUTOEN
    (bsc#1051510).

  - Bluetooth: hci_uart: Check if socket buffer is ERR_PTR
    in h4_recv_buf() (bsc#1133731).

  - Bluetooth: hidp: fix buffer overflow (bsc#1051510).

  - bnxt_en: Drop oversize TX packets to prevent errors
    (networking-stable-19_03_07).

  - bnxt_en: Improve RX consumer index validity check
    (networking-stable-19_04_10).

  - bnxt_en: Reset device on RX buffer errors
    (networking-stable-19_04_10).

  - bonding: fix PACKET_ORIGDEV regression (git-fixes).

  - bpf: fix use after free in bpf_evict_inode
    (bsc#1083647).

  - brcm80211: potential NULL dereference in
    brcmf_cfg80211_vndr_cmds_dcmd_handler() (bsc#1051510).

  - brcmfmac: fix leak of mypkt on error return path
    (bsc#1111666).

  - btrfs: add a helper to return a head ref (bsc#1134813).

  - btrfs: Avoid possible qgroup_rsv_size overflow in
    btrfs_calculate_inode_block_rsv_size (git-fixes).

  - btrfs: breakout empty head cleanup to a helper
    (bsc#1134813).

  - btrfs: delayed-ref: Introduce better documented delayed
    ref structures (bsc#1063638 bsc#1128052 bsc#1108838).

  - btrfs: delayed-ref: Use btrfs_ref to refactor
    btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052
    bsc#1108838).

  - btrfs: delayed-ref: Use btrfs_ref to refactor
    btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052
    bsc#1108838).

  - btrfs: do not allow trimming when a fs is mounted with
    the nologreplay option (bsc#1135758).

  - btrfs: Do not panic when we can't find a root key
    (bsc#1112063).

  - btrfs: extent-tree: Fix a bug that btrfs is unable to
    add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).

  - btrfs: extent-tree: Open-code process_func in
    __btrfs_mod_ref (bsc#1063638 bsc#1128052 bsc#1108838).

  - btrfs: extent-tree: Use btrfs_ref to refactor
    add_pinned_bytes() (bsc#1063638 bsc#1128052
    bsc#1108838).

  - btrfs: extent-tree: Use btrfs_ref to refactor
    btrfs_free_extent() (bsc#1063638 bsc#1128052
    bsc#1108838).

  - btrfs: extent-tree: Use btrfs_ref to refactor
    btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052
    bsc#1108838).

  - btrfs: Factor out common delayed refs init code
    (bsc#1134813).

  - btrfs: fix assertion failure on fsync with NO_HOLES
    enabled (bsc#1131848).

  - btrfs: Fix bound checking in
    qgroup_trace_new_subtree_blocks (git-fixes).

  - btrfs: fix incorrect file size after shrinking truncate
    and fsync (bsc#1130195).

  - btrfs: improve performance on fsync of files with
    multiple hardlinks (bsc#1123454).

  - btrfs: Introduce init_delayed_ref_head (bsc#1134813).

  - btrfs: move all ref head cleanup to the helper function
    (bsc#1134813).

  - btrfs: move extent_op cleanup to a helper (bsc#1134813).

  - btrfs: move ref_mod modification into the if (ref) logic
    (bsc#1134813).

  - btrfs: Open-code add_delayed_data_ref (bsc#1134813).

  - btrfs: Open-code add_delayed_tree_ref (bsc#1134813).

  - btrfs: qgroup: Do not scan leaf if we're modifying reloc
    tree (bsc#1063638 bsc#1128052 bsc#1108838).

  - btrfs: qgroup: Move reserved data accounting from
    btrfs_delayed_ref_head to btrfs_qgroup_extent_record
    (bsc#1134162).

  - btrfs: qgroup: Remove duplicated trace points for
    qgroup_rsv_add/release (bsc#1134160).

  - btrfs: remove delayed_ref_node from ref_head
    (bsc#1134813).

  - btrfs: remove WARN_ON in log_dir_items (bsc#1131847).

  - btrfs: send, flush dellaloc in order to avoid data loss
    (bsc#1133320).

  - btrfs: split delayed ref head initialization and
    addition (bsc#1134813).

  - btrfs: track refs in a rb_tree instead of a list
    (bsc#1134813).

  - btrfs: Use init_delayed_ref_common in
    add_delayed_data_ref (bsc#1134813).

  - btrfs: Use init_delayed_ref_common in
    add_delayed_tree_ref (bsc#1134813).

  - btrfs: Use init_delayed_ref_head in add_delayed_ref_head
    (bsc#1134813).

  - cdrom: Fix race condition in cdrom_sysctl_register
    (bsc#1051510).

  - ceph: ensure d_name stability in ceph_dentry_hash()
    (bsc#1134461).

  - ceph: ensure d_name stability in ceph_dentry_hash()
    (bsc#1134461).

  - ceph: fix ci->i_head_snapc leak (bsc#1122776).

  - ceph: fix ci->i_head_snapc leak (bsc#1122776).

  - ceph: fix use-after-free on symlink traversal
    (bsc#1134459).

  - ceph: fix use-after-free on symlink traversal
    (bsc#1134459).

  - ceph: only use d_name directly when parent is locked
    (bsc#1134460).

  - ceph: only use d_name directly when parent is locked
    (bsc#1134460).

  - cfg80211: Handle WMM rules in regulatory domain
    intersection (bsc#1111666).

  - cgroup: fix parsing empty mount option string
    (bsc#1133094).

  - cifs: Do not count -ENODATA as failure for query
    directory (bsc#1051510).

  - cifs: do not dereference smb_file_target before null
    check (bsc#1051510).

  - cifs: Do not hide EINTR after sending network packets
    (bsc#1051510).

  - cifs: Do not reconnect TCP session in add_credits()
    (bsc#1051510).

  - cifs: Do not reset lease state to NONE on lease break
    (bsc#1051510).

  - cifs: Fix adjustment of credits for MTU requests
    (bsc#1051510).

  - cifs: Fix credit calculation for encrypted reads with
    errors (bsc#1051510).

  - cifs: Fix credits calculations for reads with errors
    (bsc#1051510).

  - cifs: fix POSIX lock leak and invalid ptr deref
    (bsc#1114542).

  - cifs: Fix possible hang during async MTU reads and
    writes (bsc#1051510).

  - cifs: Fix potential OOB access of lock element array
    (bsc#1051510).

  - cifs: Fix read after write for files with read caching
    (bsc#1051510).

  - cifs: keep FileInfo handle live during oplock break
    (bsc#1106284, bsc#1131565).

  - clk: fractional-divider: check parent rate only if flag
    is set (bsc#1051510).

  - clk: rockchip: fix frac settings of GPLL clock for
    rk3328 (bsc#1051510).

  - clk: rockchip: Fix video codec clocks on rk3288
    (bsc#1051510).

  - clk: rockchip: fix wrong clock definitions for rk3328
    (bsc#1051510).

  - clk: x86: Add system specific quirk to mark clocks as
    critical (bsc#1051510).

  - configfs: fix possible use-after-free in
    configfs_register_group (bsc#1051510).

  - cpufreq: Add Hygon Dhyana support ().

  - cpufreq: Add Hygon Dhyana support (fate#327735).

  - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ
    ().

  - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ
    (fate#327735).

  - cpupowerutils: bench - Fix cpu online check
    (bsc#1051510).

  - cpu/speculation: Add 'mitigations=' cmdline option
    (bsc#1112178).

  - crypto: arm/aes-neonbs - do not access already-freed
    walk.iv (bsc#1051510).

  - crypto: caam - add missing put_device() call
    (bsc#1129770).

  - crypto: caam - fix caam_dump_sg that iterates through
    scatterlist (bsc#1051510).

  - crypto: caam/qi2 - fix DMA mapping of stack memory
    (bsc#1111666).

  - crypto: caam/qi2 - fix zero-length buffer DMA mapping
    (bsc#1111666).

  - crypto: caam/qi2 - generate hash keys in-place
    (bsc#1111666).

  - crypto: ccm - fix incompatibility between 'ccm' and
    'ccm_base' (bsc#1051510).

  - crypto: ccp - Do not free psp_master when PLATFORM_INIT
    fails (bsc#1051510).

  - crypto: chacha20poly1305 - set cra_name correctly
    (bsc#1051510).

  - crypto: crct10dif-generic - fix use via
    crypto_shash_digest() (bsc#1051510).

  - crypto: crypto4xx - properly set IV after de- and
    encrypt (bsc#1051510).

  - crypto: fips - Grammar s/options/option/, s/to/the/
    (bsc#1051510).

  - crypto: gcm - fix incompatibility between 'gcm' and
    'gcm_base' (bsc#1051510).

  - crypto: pcbc - remove bogus memcpy()s with src == dest
    (bsc#1051510).

  - crypto: sha256/arm - fix crash bug in Thumb2 build
    (bsc#1051510).

  - crypto: sha512/arm - fix crash bug in Thumb2 build
    (bsc#1051510).

  - crypto: skcipher - do not WARN on unprocessed data after
    slow walk step (bsc#1051510).

  - crypto: sun4i-ss - Fix invalid calculation of hash end
    (bsc#1051510).

  - crypto: vmx - CTR: always increment IV as quadword
    (bsc#1051510).

  - crypto: vmx - fix copy-paste error in CTR mode
    (bsc#1051510).

  - crypto: x86/crct10dif-pcl - fix use via
    crypto_shash_digest() (bsc#1051510).

  - crypto: x86/poly1305 - fix overflow during partial
    reduction (bsc#1051510).

  - cxgb4: Add capability to get/set SGE Doorbell Queue
    Timer Tick (bsc#1127371).

  - cxgb4: Added missing break in ndo_udp_tunnel_(add/del)
    (bsc#1127371).

  - cxgb4: Add flag tc_flower_initialized (bsc#1127371).

  - cxgb4: Add new T5 PCI device id 0x50ae (bsc#1127371).

  - cxgb4: Add new T5 PCI device ids 0x50af and 0x50b0
    (bsc#1127371).

  - cxgb4: Add new T6 PCI device ids 0x608a (bsc#1127371).

  - cxgb4: add per rx-queue counter for packet errors
    (bsc#1127371).

  - cxgb4: Add support for FW_ETH_TX_PKT_VM_WR
    (bsc#1127371).

  - cxgb4: add support to display DCB info (bsc#1127371).

  - cxgb4: Add support to read actual provisioned resources
    (bsc#1127371).

  - cxgb4: collect ASIC LA dumps from ULP TX (bsc#1127371).

  - cxgb4: collect hardware queue descriptors (bsc#1127371).

  - cxgb4: collect number of free PSTRUCT page pointers
    (bsc#1127371).

  - cxgb4: convert flower table to use rhashtable
    (bsc#1127371).

  - cxgb4: cxgb4: use FW_PORT_ACTION_L1_CFG32 for 32 bit
    capability (bsc#1127371).

  - cxgb4/cxgb4vf: Add support for SGE doorbell queue timer
    (bsc#1127371).

  - cxgb4/cxgb4vf: Fix mac_hlist initialization and free
    (bsc#1127374).

  - cxgb4/cxgb4vf: Link management changes (bsc#1127371).

  - cxgb4/cxgb4vf: Program hash region for
    (t4/t4vf)_change_mac() (bsc#1127371).

  - cxgb4: display number of rx and tx pages free
    (bsc#1127371).

  - cxgb4: do not return DUPLEX_UNKNOWN when link is down
    (bsc#1127371).

  - cxgb4: Export sge_host_page_size to ulds (bsc#1127371).

  - cxgb4: fix the error path of cxgb4_uld_register()
    (bsc#1127371).

  - cxgb4: impose mandatory VLAN usage when non-zero TAG ID
    (bsc#1127371).

  - cxgb4: Mask out interrupts that are not enabled
    (bsc#1127175).

  - cxgb4: move Tx/Rx free pages collection to common code
    (bsc#1127371).

  - cxgb4: remove redundant assignment to
    vlan_cmd.dropnovlan_fm (bsc#1127371).

  - cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size
    (bsc#1127371).

  - cxgb4: remove the unneeded locks (bsc#1127371).

  - cxgb4: specify IQTYPE in fw_iq_cmd (bsc#1127371).

  - cxgb4: Support ethtool private flags (bsc#1127371).

  - cxgb4: update supported DCB version (bsc#1127371).

  - cxgb4: use new fw interface to get the VIN and smt index
    (bsc#1127371).

  - cxgb4vf: Few more link management changes (bsc#1127374).

  - cxgb4vf: fix memleak in mac_hlist initialization
    (bsc#1127374).

  - cxgb4vf: Update port information in cxgb4vf_open()
    (bsc#1127374).

  - dccp: do not use ipv6 header for ipv4 flow
    (networking-stable-19_03_28).

  - dccp: Fix memleak in __feat_register_sp (bsc#1051510).

  - debugfs: fix use-after-free on symlink traversal
    (bsc#1051510).

  - device_cgroup: fix RCU imbalance in error case
    (bsc#1051510).

  - devres: Align data[] to ARCH_KMALLOC_MINALIGN
    (bsc#1051510).

  - Disable kgdboc failed by echo space to
    /sys/module/kgdboc/parameters/kgdboc (bsc#1051510).

  - dmaengine: axi-dmac: Do not check the number of frames
    for alignment (bsc#1051510).

  - dmaengine: imx-dma: fix warning comparison of distinct
    pointer types (bsc#1051510).

  - dmaengine: qcom_hidma: assign channel cookie correctly
    (bsc#1051510).

  - dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is
    valid (bsc#1051510).

  - dmaengine: tegra210-dma: free dma controller in remove()
    (bsc#1051510).

  - dmaengine: tegra: avoid overflow of byte tracking
    (bsc#1051510).

  - dm: disable DISCARD if the underlying storage no longer
    supports it (bsc#1114638).

  - Drivers: hv: vmbus: Offload the handling of channels to
    two workqueues (bsc#1130567).

  - Drivers: hv: vmbus: Reset the channel callback in
    vmbus_onoffer_rescind() (bsc#1130567).

  - drm/amd/display: extending AUX SW Timeout (bsc#1111666).

  - drm/amd/display: fix cursor black issue (bsc#1111666).

  - drm/amd/display: If one stream full updates, full update
    all planes (bsc#1111666).

  - drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming
    (bsc#1111666).

  - drm/amdkfd: use init_mqd function to allocate object for
    hid_mqd (CI) (bsc#1111666).

  - drm: Auto-set allow_fb_modifiers when given modifiers at
    plane init (bsc#1051510).

  - drm/bridge: adv7511: Fix low refresh rate selection
    (bsc#1051510).

  - drm: bridge: dw-hdmi: Fix overflow workaround for
    Rockchip SoCs (bsc#1113722)

  - drm/doc: Drop 'content type' from the legacy kms
    property table (bsc#1111666).

  - drm/dp/mst: Configure no_stop_bit correctly for remote
    i2c xfers (bsc#1051510).

  - drm/exynos/mixer: fix MIXER shadow registry
    synchronisation code (bsc#1111666).

  - drm/fb-helper: dpms_legacy(): Only set on connectors in
    use (bsc#1051510).

  - drm/fb-helper: generic: Call drm_client_add() after
    setup is done (bsc#1111666).

  - drm/i915: Disable LP3 watermarks on all SNB machines
    (bsc#1051510).

  - drm/i915: Disable tv output on i9x5gm (bsc#1086657,
    bsc#1133897).

  - drm/i915: Downgrade Gen9 Plane WM latency error
    (bsc#1051510).

  - drm/i915/fbc: disable framebuffer compression on
    GeminiLake (bsc#1051510).

  - drm/i915: Fix I915_EXEC_RING_MASK (bsc#1051510).

  - drm/i915: Force 2*96 MHz cdclk on glk/cnl when audio
    power is enabled (bsc#1111666).

  - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio
    list (bsc#1113722)

  - drm/i915/gvt: Add in context mmio 0x20D8 to gen9 mmio
    list (bsc#1113956)

  - drm/i915/gvt: Annotate iomem usage (bsc#1051510).

  - drm/i915/gvt: do not deliver a workload if its creation
    fails (bsc#1051510).

  - drm/i915/gvt: do not let pin count of shadow mm go
    negative (bsc#1113722)

  - drm/i915/gvt: do not let pin count of shadow mm go
    negative (bsc#1113956)

  - drm/i915/gvt: Fix incorrect mask of mmio 0x22028 in
    gen8/9 mmio list (bnc#1113722)

  - drm/i915/gvt: Prevent use-after-free in
    ppgtt_free_all_spt() (bsc#1111666).

  - drm/i915/gvt: Roundup fb->height into tile's height at
    calucation fb->size (bsc#1111666).

  - drm/i915/icl: Whitelist GEN9_SLICE_COMMON_ECO_CHICKEN1
    (bsc#1111666).

  - drm/imx: do not skip DP channel disable for background
    plane (bsc#1051510).

  - drm/mediatek: Fix an error code in
    mtk_hdmi_dt_parse_pdata() (bsc#1113722)

  - drm/mediatek: Fix an error code in
    mtk_hdmi_dt_parse_pdata() (bsc#1113956)

  - drm/mediatek: fix possible object reference leak
    (bsc#1051510).

  - drm/meson: add size and alignment requirements for dumb
    buffers (bnc#1113722)

  - drm/nouveau: add DisplayPort CEC-Tunneling-over-AUX
    support (bsc#1133593).

  - drm/nouveau: Add NV_PRINTK_ONCE and variants
    (bsc#1133593).

  - drm/nouveau: Add size to vbios.rom file in debugfs
    (bsc#1133593).

  - drm/nouveau: Add strap_peek to debugfs (bsc#1133593).

  - drm/nouveau/bar/tu104: initial support (bsc#1133593).

  - drm/nouveau/bar/tu106: initial support (bsc#1133593).

  - drm/nouveau/bios: translate additional memory types
    (bsc#1133593).

  - drm/nouveau/bios: translate USB-C connector type
    (bsc#1133593).

  - drm/nouveau/bios/tu104: initial support (bsc#1133593).

  - drm/nouveau/bios/tu106: initial support (bsc#1133593).

  - drm/nouveau/bus/tu104: initial support (bsc#1133593).

  - drm/nouveau/bus/tu106: initial support (bsc#1133593).

  - drm/nouveau/ce/tu104: initial support (bsc#1133593).

  - drm/nouveau/ce/tu106: initial support (bsc#1133593).

  - drm/nouveau: Cleanup indenting in nouveau_backlight.c
    (bsc#1133593).

  - drm/nouveau/core: increase maximum number of nvdec
    instances to 3 (bsc#1133593).

  - drm/nouveau/core: recognise TU102 (bsc#1133593).

  - drm/nouveau/core: recognise TU104 (bsc#1133593).

  - drm/nouveau/core: recognise TU106 (bsc#1133593).

  - drm/nouveau/core: support multiple nvdec instances
    (bsc#1133593).

  - drm/nouveau/devinit/gm200-: export function to
    upload+execute PMU/PRE_OS (bsc#1133593).

  - drm/nouveau/devinit/tu104: initial support
    (bsc#1133593).

  - drm/nouveau/devinit/tu106: initial support
    (bsc#1133593).

  - drm/nouveau/disp: add a way to configure scrambling/tmds
    for hdmi 2.0 (bsc#1133593).

  - drm/nouveau/disp: add support for setting scdc
    parameters for high modes (bsc#1133593).

  - drm/nouveau/disp/gm200-: add scdc parameter setter
    (bsc#1133593).

  - drm/nouveau/disp/gv100: fix name of window channels in
    debug output (bsc#1133593).

  - drm/nouveau/disp: keep track of high-speed state,
    program into clock (bsc#1133593).

  - drm/nouveau/disp: take sink support into account for
    exposing 594mhz (bsc#1133593).

  - drm/nouveau/disp/tu104: initial support (bsc#1133593).

  - drm/nouveau/disp/tu106: initial support (bsc#1133593).

  - drm/nouveau/dma/tu104: initial support (bsc#1133593).

  - drm/nouveau/dma/tu106: initial support (bsc#1133593).

  - drm/nouveau/drm/nouveau: Do not forget to label dp_aux
    devices (bsc#1133593).

  - drm/nouveau/drm/nouveau:
    s/nouveau_backlight_exit/nouveau_backlight_fini/
    (bsc#1133593).

  - drm/nouveau/drm/nouveau: tegra: Call
    nouveau_drm_device_init() (bsc#1133593).

  - drm/nouveau/fault: add explicit control over fault
    buffer interrupts (bsc#1133593).

  - drm/nouveau/fault: remove manual mapping of fault
    buffers into BAR2 (bsc#1133593).

  - drm/nouveau/fault: store get/put pri address in
    nvkm_fault_buffer (bsc#1133593).

  - drm/nouveau/fault/tu104: initial support (bsc#1133593).

  - drm/nouveau/fault/tu106: initial support (bsc#1133593).

  - drm/nouveau/fb/tu104: initial support (bsc#1133593).

  - drm/nouveau/fb/tu106: initial support (bsc#1133593).

  - drm/nouveau/fifo/gf100-: call into BAR to reset BARs
    after MMU fault (bsc#1133593).

  - drm/nouveau/fifo/gk104-: group pbdma functions together
    (bsc#1133593).

  - drm/nouveau/fifo/gk104-: return channel instance in ctor
    args (bsc#1133593).

  - drm/nouveau/fifo/gk104-: separate runlist building from
    committing to hw (bsc#1133593).

  - drm/nouveau/fifo/gk104-: support enabling privileged ce
    functions (bsc#1133593).

  - drm/nouveau/fifo/gk104-: virtualise pbdma enable
    function (bsc#1133593).

  - drm/nouveau/fifo/gm200-: read pbdma count more directly
    (bsc#1133593).

  - drm/nouveau/fifo/gv100: allocate method buffer
    (bsc#1133593).

  - drm/nouveau/fifo/gv100: return work submission token in
    channel ctor args (bsc#1133593).

  - drm/nouveau/fifo/tu104: initial support (bsc#1133593).

  - drm/nouveau/fifo/tu106: initial support (bsc#1133593).

  - drm/nouveau: Fix potential memory leak in
    nouveau_drm_load() (bsc#1133593).

  - drm/nouveau/fuse/tu104: initial support (bsc#1133593).

  - drm/nouveau/fuse/tu106: initial support (bsc#1133593).

  - drm/nouveau/gpio/tu104: initial support (bsc#1133593).

  - drm/nouveau/gpio/tu106: initial support (bsc#1133593).

  - drm/nouveau/i2c/tu104: initial support (bsc#1133593).

  - drm/nouveau/i2c/tu106: initial support (bsc#1133593).

  - drm/nouveau/ibus/tu104: initial support (bsc#1133593).

  - drm/nouveau/ibus/tu106: initial support (bsc#1133593).

  - drm/nouveau/imem/nv50: support pinning objects in BAR2
    and returning address (bsc#1133593).

  - drm/nouveau/imem/tu104: initial support (bsc#1133593).

  - drm/nouveau/imem/tu106: initial support (bsc#1133593).

  - drm/nouveau/kms/nv50-: allow more flexibility with lut
    formats (bsc#1133593).

  - drm/nouveau/kms/tu104: initial support (bsc#1133593).

  - drm/nouveau/ltc/tu104: initial support (bsc#1133593).

  - drm/nouveau/ltc/tu106: initial support (bsc#1133593).

  - drm/nouveau/mc/tu104: initial support (bsc#1133593).

  - drm/nouveau/mc/tu106: initial support (bsc#1133593).

  - drm/nouveau/mmu: add more general vmm free/node handling
    functions (bsc#1133593).

  - drm/nouveau/mmu/tu104: initial support (bsc#1133593).

  - drm/nouveau/mmu/tu106: initial support (bsc#1133593).

  - drm/nouveau: Move backlight device into
    nouveau_connector (bsc#1133593).

  - drm/nouveau/pci/tu104: initial support (bsc#1133593).

  - drm/nouveau/pci/tu106: initial support (bsc#1133593).

  - drm/nouveau/pmu/tu104: initial support (bsc#1133593).

  - drm/nouveau/pmu/tu106: initial support (bsc#1133593).

  - drm/nouveau: Refactor nvXX_backlight_init()
    (bsc#1133593).

  - drm/nouveau: register backlight on pascal and newer
    (bsc#1133593).

  - drm/nouveau: remove left-over struct member
    (bsc#1133593).

  - drm/nouveau: Remove unecessary dma_fence_ops
    (bsc#1133593).

  - drm/nouveau: Start using new drm_dev initialization
    helpers (bsc#1133593).

  - drm/nouveau: Stop using drm_crtc_force_disable
    (bsc#1051510).

  - drm/nouveau/therm/tu104: initial support (bsc#1133593).

  - drm/nouveau/therm/tu106: initial support (bsc#1133593).

  - drm/nouveau/tmr/tu104: initial support (bsc#1133593).

  - drm/nouveau/tmr/tu106: initial support (bsc#1133593).

  - drm/nouveau/top/tu104: initial support (bsc#1133593).

  - drm/nouveau/top/tu106: initial support (bsc#1133593).

  - drm/nouveau/volt/gf117: fix speedo readout register
    (bsc#1051510).

  - drm/omap: hdmi4_cec: Fix CEC clock handling for PM
    (bsc#1111666).

  - drm/panel: panel-innolux: set display off in
    innolux_panel_unprepare (bsc#1111666).

  - drm/pl111: Initialize clock spinlock early
    (bsc#1111666).

  - drm: rcar-du: Fix rcar_du_crtc structure documentation
    (bsc#1111666).

  - drm/rockchip: fix for mailbox read validation
    (bsc#1051510).

  - drm/rockchip: fix for mailbox read validation
    (bsc#1111666).

  - drm/rockchip: shutdown drm subsystem on shutdown
    (bsc#1051510).

  - drm/rockchip: vop: reset scale mode when win is disabled
    (bsc#1113722)

  - drm/sun4i: Add missing drm_atomic_helper_shutdown at
    driver unbind (bsc#1113722)

  - drm/sun4i: Fix component unbinding and component master
    deletion (bsc#1113722)

  - drm/sun4i: rgb: Change the pixel clock validation check
    (bnc#1113722)

  - drm/sun4i: Set device driver data at bind time for use
    in unbind (bsc#1113722)

  - drm/sun4i: tcon top: Fix NULL/invalid pointer
    dereference in sun8i_tcon_top_un/bind (bsc#1111666).

  - drm/sun4i: Unbind components before releasing DRM and
    memory (bsc#1113722)

  - drm/tegra: gem: Fix CPU-cache maintenance for BO's
    allocated using get_pages() (bsc#1111666).

  - drm/tegra: hub: Fix dereference before check
    (bsc#1111666).

  - drm/ttm: Fix bo_global and mem_global kfree error
    (bsc#1111666).

  - drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
    (bsc#1111666).

  - drm/ttm: Remove warning about inconsistent mapping
    information (bnc#1131488)

  - drm/udl: add a release method and delay modeset teardown
    (bsc#1085536)

  - drm/vc4: Fix memory leak during gpu reset. (bsc#1113722)

  - drm/vmwgfx: Remove set but not used variable 'restart'
    (bsc#1111666).

  - dsa: mv88e6xxx: Ensure all pending interrupts are
    handled prior to exit (networking-stable-19_02_20).

  - dt-bindings: net: Fix a typo in the phy-mode list for
    ethernet bindings (bsc#1129770).

  - dwc2: gadget: Fix completed transfer size calculation in
    DDMA (bsc#1051510).

  - e1000e: fix cyclic resets at link up with active tx
    (bsc#1051510).

  - e1000e: Fix -Wformat-truncation warnings (bsc#1051510).

  - EDAC, amd64: Add Hygon Dhyana support ().

  - EDAC, amd64: Add Hygon Dhyana support (fate#327735).

  - ext4: actually request zeroing of inode table after grow
    (bsc#1135315).

  - ext4: cleanup bh release code in ext4_ind_remove_space()
    (bsc#1131851).

  - ext4: Do not warn when enabling DAX (bsc#1132894).

  - ext4: fix ext4_show_options for file systems w/o journal
    (bsc#1135316).

  - ext4: fix use-after-free race with
    debug_want_extra_isize (bsc#1135314).

  - fbdev: fbmem: fix memory access if logo is bigger than
    the screen (bsc#1051510).

  - fix cgroup_do_mount() handling of failure exits
    (bsc#1133095).

  - Fix kabi after 'md: batch flush requests.'
    (bsc#1119680).

  - fix rtnh_ok() (git-fixes).

  - Fix struct page kABI after adding atomic for ppc
    (bsc#1131326, bsc#1108937).

  - fm10k: Fix a potential NULL pointer dereference
    (bsc#1051510).

  - fs: avoid fdput() after failed fdget() in
    vfs_dedupe_file_range() (bsc#1132384, bsc#1132219).

  - fs/nfs: Fix nfs_parse_devname to not modify it's
    argument (git-fixes).

  - futex: Cure exit race (bsc#1050549).

  - futex: Ensure that futex address is aligned in
    handle_futex_death() (bsc#1050549).

  - futex: Handle early deadlock return correctly
    (bsc#1050549).

  - genetlink: Fix a memory leak on error path
    (networking-stable-19_03_28).

  - ghes, EDAC: Fix ghes_edac registration (bsc#1133176).

  - gpio: adnp: Fix testing wrong value in
    adnp_gpio_direction_input (bsc#1051510).

  - gpio: aspeed: fix a potential NULL pointer dereference
    (bsc#1051510).

  - gpio: gpio-omap: fix level interrupt idling
    (bsc#1051510).

  - gpio: of: Fix of_gpiochip_add() error path
    (bsc#1051510).

  - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).

  - gre6: use log_ecn_error module parameter in
    ip6_tnl_rcv() (git-fixes).

  - HID: debug: fix race condition with between rdesc_show()
    and device removal (bsc#1051510).

  - HID: i2c-hid: Ignore input report if there's no data
    present on Elan touchpanels (bsc#1133486).

  - HID: input: add mapping for Assistant key (bsc#1051510).

  - HID: input: add mapping for Expose/Overview key
    (bsc#1051510).

  - HID: input: add mapping for keyboard Brightness
    Up/Down/Toggle keys (bsc#1051510).

  - HID: input: add mapping for 'Toggle Display' key
    (bsc#1051510).

  - HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
    (bsc#1051510).

  - HID: intel-ish: ipc: handle PIMR before ish_wakeup also
    clear PISR busy_clear bit (bsc#1051510).

  - HID: logitech: check the return value of
    create_singlethread_workqueue (bsc#1051510).

  - hv_netvsc: Fix IP header checksum for coalesced packets
    (networking-stable-19_03_07).

  - hwmon: (f71805f) Use request_muxed_region for Super-IO
    accesses (bsc#1051510).

  - hwmon: (pc87427) Use request_muxed_region for Super-IO
    accesses (bsc#1051510).

  - hwmon: (smsc47b397) Use request_muxed_region for
    Super-IO accesses (bsc#1051510).

  - hwmon: (smsc47m1) Use request_muxed_region for Super-IO
    accesses (bsc#1051510).

  - hwmon: (vt1211) Use request_muxed_region for Super-IO
    accesses (bsc#1051510).

  - hwmon: (w83627hf) Use request_muxed_region for Super-IO
    accesses (bsc#1051510).

  - hwrng: virtio - Avoid repeated init of completion
    (bsc#1051510).

  - i2c: imx: correct the method of getting private data in
    notifier_call (bsc#1111666).

  - i2c: Make i2c_unregister_device() NULL-aware
    (bsc#1108193).

  - i2c: synquacer: fix enumeration of slave devices
    (bsc#1111666).

  - ibmvnic: Enable GRO (bsc#1132227).

  - ibmvnic: Fix completion structure initialization
    (bsc#1131659).

  - ibmvnic: Fix netdev feature clobbering during a reset
    (bsc#1132227).

  - igmp: fix incorrect unsolicit report count when join
    group (git-fixes).

  - iio: adc: at91: disable adc channel interrupt in timeout
    case (bsc#1051510).

  - iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver
    (bsc#1051510).

  - iio: adc: xilinx: fix potential use-after-free on remove
    (bsc#1051510).

  - iio: ad_sigma_delta: select channel when reading
    register (bsc#1051510).

  - iio: core: fix a possible circular locking dependency
    (bsc#1051510).

  - iio: cros_ec: Fix the maths for gyro scale calculation
    (bsc#1051510).

  - iio: dac: mcp4725: add missing powerdown bits in store
    eeprom (bsc#1051510).

  - iio: Fix scan mask selection (bsc#1051510).

  - iio/gyro/bmg160: Use millidegrees for temperature scale
    (bsc#1051510).

  - iio: gyro: mpu3050: fix chip ID reading (bsc#1051510).

  - inetpeer: fix uninit-value in inet_getpeer (git-fixes).

  - Input: elan_i2c - add hardware ID for multiple Lenovo
    laptops (bsc#1051510).

  - Input: introduce KEY_ASSISTANT (bsc#1051510).

  - Input: snvs_pwrkey - initialize necessary driver data
    before enabling IRQ (bsc#1051510).

  - Input: synaptics-rmi4 - fix possible double free
    (bsc#1051510).

  - Input: synaptics-rmi4 - write config register values to
    the right offset (bsc#1051510).

  - intel_idle: add support for Jacobsville (jsc#SLE-5394).

  - intel_th: msu: Fix single mode with IOMMU (bsc#1051510).

  - intel_th: pci: Add Comet Lake support (bsc#1051510).

  - io: accel: kxcjk1013: restore the range after resume
    (bsc#1051510).

  - iommu/amd: Set exclusion range correctly (bsc#1130425).

  - iommu/vt-d: Do not request page request irq under
    dmar_global_lock (bsc#1135006).

  - iommu/vt-d: Make kernel parameter igfx_off work with
    vIOMMU (bsc#1135007).

  - iommu/vt-d: Set intel_iommu_gfx_mapped correctly
    (bsc#1135008).

  - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's
    provided src address (git-fixes).

  - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
    (networking-stable-19_04_10).

  - ipconfig: Correctly initialise ic_nameservers
    (bsc#1051510).

  - ipmi: Fix I2C client removal in the SSIF driver
    (bsc#1108193).

  - ipmi: fix sleep-in-atomic in free_user at cleanup SRCU
    user->release_barrier (bsc#1111666).

  - ipmi: Prevent use-after-free in deliver_response
    (bsc#1111666).

  - ipmi:ssif: compare block number correctly for multi-part
    return messages (bsc#1051510).

  - ipmi_ssif: Remove duplicate NULL check (bsc#1108193).

  - ip_tunnel: Fix name string concatenate in
    __ip_tunnel_create() (git-fixes).

  - ipv4: Return error for RTA_VIA attribute
    (networking-stable-19_03_07).

  - ipv6: fix cleanup ordering for ip6_mr failure
    (git-fixes).

  - ipv6: fix cleanup ordering for pingv6 registration
    (git-fixes).

  - ipv6: Fix dangling pointer when ipv6 fragment
    (git-fixes).

  - ipv6: mcast: fix unsolicited report interval after
    receiving querys (git-fixes).

  - ipv6: propagate genlmsg_reply return code
    (networking-stable-19_02_24).

  - ipv6: Return error for RTA_VIA attribute
    (networking-stable-19_03_07).

  - ipv6: sit: reset ip header pointer in ipip6_rcv
    (git-fixes).

  - ipvlan: Add the skb->mark as flow4's member to lookup
    route (bsc#1051510).

  - ipvlan: disallow userns cap_net_admin to change global
    mode/flags (networking-stable-19_03_15).

  - ipvlan: fix ipv6 outbound device (bsc#1051510).

  - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).

  - ipvs: fix buffer overflow with sync daemon and service
    (git-fixes).

  - ipvs: fix check on xmit to non-local addresses
    (git-fixes).

  - ipvs: fix race between ip_vs_conn_new() and
    ip_vs_del_dest() (bsc#1051510).

  - ipvs: fix rtnl_lock lockups caused by start_sync_thread
    (git-fixes).

  - ipvs: Fix signed integer overflow when setsockopt
    timeout (bsc#1051510).

  - ipvs: fix stats update from local clients (git-fixes).

  - ipvs: remove IPS_NAT_MASK check to fix passive FTP
    (git-fixes).

  - iw_cxgb4: cq/qp mask depends on bar2 pages in a host
    page (bsc#1127371).

  - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).

  - iwiwifi: fix bad monitor buffer register addresses
    (bsc#1129770).

  - iwlwifi: fix driver operation for 5350 (bsc#1111666).

  - iwlwifi: fix send hcmd timeout recovery flow
    (bsc#1129770).

  - kABI: protect functions using struct net_generic
    (bsc#1129845 LTC#176252).

  - kABI: protect ip_options_rcv_srr (kabi).

  - kABI: protect struct mlx5_td (kabi).

  - kABI: protect struct smcd_dev (bsc#1129845 LTC#176252).

  - kABI: protect struct smc_ib_device (bsc#1129845
    LTC#176252).

  - kABI: restore icmp_send (kabi).

  - kABI workaround for removed usb_interface.pm_usage_cnt
    field (bsc#1051510).

  - kABI workaround for snd_seq_kernel_client_enqueue() API
    changes (bsc#1051510).

  - kbuild: strip whitespace in cmd_record_mcount findstring
    (bsc#1065729).

  - kcm: switch order of device registration to fix a crash
    (bnc#1130527).

  - kernel/sysctl.c: add missing range check in
    do_proc_dointvec_minmax_conv (bsc#1051510).

  - kernel/sysctl.c: fix out-of-bounds access when setting
    file-max (bsc#1051510).

  - kernfs: do not set dentry->d_fsdata (boo#1133115).

  - KEYS: always initialize keyring_index_key::desc_len
    (bsc#1051510).

  - KEYS: user: Align the payload buffer (bsc#1051510).

  - kmsg: Update message catalog to latest IBM level
    (2019/03/08) (bsc#1128904 LTC#176078).

  - kvm: Call kvm_arch_memslots_updated() before updating
    memslots (bsc#1132563).

  - kvm: Fix kABI for AMD SMAP Errata workaround
    (bsc#1133149).

  - kvm: Fix UAF in nested posted interrupt processing
    (bsc#1134199).

  - kvm: nVMX: Apply addr size mask to effective address for
    VMX instructions (bsc#1132561).

  - kvm: nVMX: Clear reserved bits of #DB exit qualification
    (bsc#1134200).

  - kvm: nVMX: Ignore limit checks on VMX instructions using
    flat segments (bsc#1132564).

  - kvm: nVMX: restore host state in nested_vmx_vmexit for
    VMFail (bsc#1134201).

  - kvm: nVMX: Sign extend displacements of VMX instr's mem
    operands (bsc#1132562).

  - kvm: PPC: Book3S HV: Fix race between
    kvm_unmap_hva_range and MMU mode switch (bsc#1061840).

  - kvm: SVM: Workaround errata#1096 (insn_len maybe zero on
    SMAP violation) (bsc#1133149).

  - kvm: VMX: Compare only a single byte for VMCS'
    'launched' in vCPU-run (bsc#1132555).

  - kvm: VMX: Zero out *all* general purpose registers after
    VM-Exit (bsc#1134202).

  - kvm: x86: Always use 32-bit SMRAM save state for 32-bit
    kernels (bsc#1134203).

  - kvm: x86: Do not clear EFER during SMM transitions for
    32-bit vCPU (bsc#1134204).

  - kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD
    hosts (bsc#1114279).

  - kvm: x86/mmu: Detect MMIO generation wrap in any address
    space (bsc#1132570).

  - kvm: x86/mmu: Do not cache MMIO accesses while memslots
    are in flux (bsc#1132571).

  - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    (bsc#1111331).

  - kvm: x86: svm: make sure NMI is injected after
    nmi_singlestep (bsc#1134205).

  - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).

  - l2tp: filter out non-PPP sessions in
    pppol2tp_tunnel_ioctl() (git-fixes).

  - l2tp: fix missing refcount drop in
    pppol2tp_tunnel_ioctl() (git-fixes).

  - l2tp: only accept PPP sessions in pppol2tp_connect()
    (git-fixes).

  - l2tp: prevent pppol2tp_connect() from creating kernel
    sockets (git-fixes).

  - l2tp: revert 'l2tp: fix missing print session offset
    info' (bsc#1051510).

  - leds: avoid races with workqueue (bsc#1051510).

  - leds: pwm: silently error out on EPROBE_DEFER
    (bsc#1051510).

  - lib: add crc64 calculation routines (bsc#1130972).

  - libata: fix using DMA buffers on stack (bsc#1051510).

  - lib: do not depend on linux headers being installed
    (bsc#1130972).

  - lightnvm: if LUNs are already allocated fix return
    (bsc#1085535).

  - linux/kernel.h: Use parentheses around argument in
    u64_to_user_ptr() (bsc#1051510).

  - lpfc: validate command in
    lpfc_sli4_scmd_to_wqidx_distr() (bsc#1129138).

  - mac80211: do not attempt to rename ERR_PTR() debugfs
    dirs (bsc#1111666).

  - mac80211: do not call driver wake_tx_queue op during
    reconfig (bsc#1051510).

  - mac80211: fix memory accounting with A-MSDU aggregation
    (bsc#1051510).

  - mac80211: fix unaligned access in mesh table hash
    function (bsc#1051510).

  - mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP
    VLAN mode (bsc#1111666).

  - mac8390: Fix mmio access size probe (bsc#1051510).

  - md: batch flush requests (bsc#1119680).

  - md: Fix failed allocation of md_register_thread
    (git-fixes).

  - MD: fix invalid stored role for a disk (bsc#1051510).

  - md/raid1: do not clear bitmap bits on interrupted
    recovery (git-fixes).

  - md/raid5: fix 'out of memory' during raid cache recovery
    (git-fixes).

  - media: atmel: atmel-isc: fix INIT_WORK misplacement
    (bsc#1051510).

  - media: cx18: update *pos correctly in cx18_read_pos()
    (bsc#1051510).

  - media: cx23885: check allocation return (bsc#1051510).

  - media: davinci-isif: avoid uninitialized variable use
    (bsc#1051510).

  - media: davinci/vpbe: array underflow in
    vpbe_enum_outputs() (bsc#1051510).

  - media: ivtv: update *pos correctly in ivtv_read_pos()
    (bsc#1051510).

  - media: mt9m111: set initial frame size other than 0x0
    (bsc#1051510).

  - media: mtk-jpeg: Correct return type for mem2mem buffer
    helpers (bsc#1051510).

  - media: mx2_emmaprp: Correct return type for mem2mem
    buffer helpers (bsc#1051510).

  - media: omap_vout: potential buffer overflow in
    vidioc_dqbuf() (bsc#1051510).

  - media: ov2659: fix unbalanced mutex_lock/unlock
    (bsc#1051510).

  - media: pvrusb2: Prevent a buffer overflow (bsc#1129770).

  - media: s5p-g2d: Correct return type for mem2mem buffer
    helpers (bsc#1051510).

  - media: s5p-jpeg: Correct return type for mem2mem buffer
    helpers (bsc#1051510).

  - media: serial_ir: Fix use-after-free in
    serial_ir_init_module (bsc#1051510).

  - media: sh_veu: Correct return type for mem2mem buffer
    helpers (bsc#1051510).

  - media: tw5864: Fix possible NULL pointer dereference in
    tw5864_handle_frame (bsc#1051510).

  - media: vivid: use vfree() instead of kfree() for
    dev->bitmap_cap (bsc#1051510).

  - media: wl128x: Fix an error code in
    fm_download_firmware() (bsc#1051510).

  - media: wl128x: prevent two potential buffer overflows
    (bsc#1051510).

  - mISDN: Check address length before reading address
    family (bsc#1051510).

  - missing barriers in some of unix_sock ->addr and ->path
    accesses (networking-stable-19_03_15).

  - mmc: core: fix possible use after free of host
    (bsc#1051510).

  - mmc: core: Fix tag set memory leak (bsc#1111666).

  - mmc: davinci: remove extraneous __init annotation
    (bsc#1051510).

  - mm: create non-atomic version of SetPageReserved for
    init use (jsc#SLE-6647).

  - mmc: sdhci: Fix data command CRC error handling
    (bsc#1051510).

  - mmc: sdhci: Handle auto-command errors (bsc#1051510).

  - mmc: sdhci: Rename SDHCI_ACMD12_ERR and
    SDHCI_INT_ACMD12ERR (bsc#1051510).

  - mmc: tmio_mmc_core: do not claim spurious interrupts
    (bsc#1051510).

  - mm/debug.c: fix __dump_page when mapping->host is not
    set (bsc#1131934).

  - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash,
    handle unaligned addresses (bsc#1135330).

  - mm/page_isolation.c: fix a wrong flag in
    set_migratetype_isolate() (bsc#1131935).

  - mm/vmalloc: fix size check for
    remap_vmalloc_range_partial() (bsc#1133825).

  - mpls: Return error for RTA_GATEWAY attribute
    (networking-stable-19_03_07).

  - mt7601u: bump supported EEPROM version (bsc#1051510).

  - mtd: docg3: fix a possible memory leak of mtd->name
    (bsc#1051510).

  - mtd: docg3: Fix passing zero to 'PTR_ERR' warning in
    doc_probe_device (bsc#1051510).

  - mtd: nand: omap: Fix comment in platform data using
    wrong Kconfig symbol (bsc#1051510).

  - mtd: part: fix incorrect format specifier for an
    unsigned long long (bsc#1051510).

  - mtd: spi-nor: intel-spi: Avoid crossing 4K address
    boundary on read/write (bsc#1129770).

  - mwifiex: do not advertise IBSS features without FW
    support (bsc#1129770).

  - mwifiex: Fix mem leak in mwifiex_tm_cmd (bsc#1051510).

  - mwifiex: Make resume actually do something useful again
    on SDIO cards (bsc#1111666).

  - mwifiex: prevent an array overflow (bsc#1051510).

  - mwl8k: Fix rate_idx underflow (bsc#1051510).

  - net: Add header for usage of fls64()
    (networking-stable-19_02_20).

  - net: Add __icmp_send helper
    (networking-stable-19_03_07).

  - net: aquantia: fix rx checksum offload for UDP/TCP over
    IPv6 (networking-stable-19_03_28).

  - net: avoid false positives in untrusted gso validation
    (git-fixes).

  - net: avoid skb_warn_bad_offload on IS_ERR (git-fixes).

  - net: avoid use IPCB in cipso_v4_error
    (networking-stable-19_03_07).

  - net: bridge: add vlan_tunnel to bridge port policies
    (git-fixes).

  - net: bridge: fix per-port af_packet sockets (git-fixes).

  - net: bridge: multicast: use rcu to access port list from
    br_multicast_start_querier (git-fixes).

  - net: datagram: fix unbounded loop in
    __skb_try_recv_datagram() (git-fixes).

  - net: Do not allocate page fragments that are not skb
    aligned (networking-stable-19_02_20).

  - net: dsa: legacy: do not unmask port bitmaps
    (git-fixes).

  - net: dsa: mv88e6xxx: Fix u64 statistics
    (networking-stable-19_03_07).

  - net: ethtool: not call vzalloc for zero sized memory
    request (networking-stable-19_04_10).

  - netfilter: bridge: Do not sabotage nf_hook calls from an
    l3mdev (git-fixes).

  - netfilter: bridge: ebt_among: add missing match size
    checks (git-fixes).

  - netfilter: bridge: ebt_among: add more missing match
    size checks (git-fixes).

  - netfilter: bridge: set skb transport_header before
    entering NF_INET_PRE_ROUTING (git-fixes).

  - netfilter: drop template ct when conntrack is skipped
    (git-fixes).

  - netfilter: ebtables: handle string from userspace with
    care (git-fixes).

  - netfilter: ebtables: reject non-bridge targets
    (git-fixes).

  - netfilter: ip6t_MASQUERADE: add dependency on conntrack
    module (git-fixes).

  - netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is
    added to ip_set_net_exit() (git-fixes).

  - netfilter: ipv6: fix use-after-free Write in
    nf_nat_ipv6_manip_pkt (git-fixes).

  - netfilter: nf_log: do not hold nf_log_mutex during user
    access (git-fixes).

  - netfilter: nf_log: fix uninit read in
    nf_log_proc_dostring (git-fixes).

  - netfilter: nf_socket: Fix out of bounds access in
    nf_sk_lookup_slow_v(4,6) (git-fixes).

  - netfilter: nf_tables: can't fail after linking rule into
    active rule list (git-fixes).

  - netfilter: nf_tables: check msg_type before
    nft_trans_set(trans) (git-fixes).

  - netfilter: nf_tables: fix NULL pointer dereference on
    nft_ct_helper_obj_dump() (git-fixes).

  - netfilter: nf_tables: release chain in flushing set
    (git-fixes).

  - netfilter: x_tables: avoid out-of-bounds reads in
    xt_request_find_(match|target) (git-fixes).

  - netfilter: x_tables: fix int overflow in
    xt_alloc_table_info() (git-fixes).

  - netfilter: x_tables: initialise match/target check
    parameter struct (git-fixes).

  - net: Fix a bug in removing queues from XPS map
    (git-fixes).

  - net: Fix for_each_netdev_feature on Big endian
    (networking-stable-19_02_20).

  - net: fix IPv6 prefix route residue
    (networking-stable-19_02_20).

  - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).

  - net: Fix untag for vlan packets without ethernet header
    (git-fixes).

  - net: Fix vlan untag for bridge and vlan_dev with
    reorder_hdr off (git-fixes).

  - net-gro: Fix GRO flush when receiving a GSO packet
    (networking-stable-19_04_10).

  - net: hsr: fix memory leak in hsr_dev_finalize()
    (networking-stable-19_03_15).

  - net/hsr: fix possible crash in add_timer()
    (networking-stable-19_03_15).

  - net/ibmvnic: Update carrier state after link state
    change (bsc#1135100).

  - net/ibmvnic: Update MAC address settings after adapter
    reset (bsc#1134760).

  - net: initialize skb->peeked when cloning (git-fixes).

  - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on
    new inet6_dev (git-fixes).

  - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).

  - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to
    devices (git-fixes).

  - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE
    (git-fixes).

  - netlabel: fix out-of-bounds memory accesses
    (networking-stable-19_03_07).

  - netlink: fix uninit-value in netlink_sendmsg
    (git-fixes).

  - net/mlx5: Decrease default mr cache size
    (networking-stable-19_04_10).

  - net/mlx5e: Add a lock on tir list
    (networking-stable-19_04_10).

  - net/mlx5e: Do not overwrite pedit action when multiple
    pedit used (networking-stable-19_02_24).

  - net/mlx5e: Fix error handling when refreshing TIRs
    (networking-stable-19_04_10).

  - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv
    fails (networking-stable-19_03_07).

  - net/packet: fix 4gb buffer limit due to overflow check
    (networking-stable-19_02_24).

  - net/packet: Set __GFP_NOWARN upon allocation in
    alloc_pg_vec (git-fixes).

  - net: rose: fix a possible stack overflow
    (networking-stable-19_03_28).

  - net/sched: act_sample: fix divide by zero in the traffic
    path (networking-stable-19_04_10).

  - net/sched: fix ->get helper of the matchall cls
    (networking-stable-19_04_10).

  - net_sched: fix two more memory leaks in cls_tcindex
    (networking-stable-19_02_24).

  - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for
    tables > 255 (networking-stable-19_03_15).

  - net: sit: fix memory leak in sit_init_net()
    (networking-stable-19_03_07).

  - net: sit: fix UBSAN Undefined behaviour in check_6rd
    (networking-stable-19_03_15).

  - net/smc: add pnet table namespace support (bsc#1129845
    LTC#176252).

  - net/smc: add smcd support to the pnet table (bsc#1129845
    LTC#176252).

  - net/smc: allow PCI IDs as ib device names in the pnet
    table (bsc#1129845 LTC#176252).

  - net/smc: allow pnetid-less configuration (bsc#1129845
    LTC#176252).

  - net/smc: check for ip prefix and subnet (bsc#1134607
    LTC#177518).

  - net/smc: cleanup for smcr_tx_sndbuf_nonempty
    (bsc#1129845 LTC#176252).

  - net/smc: cleanup of get vlan id (bsc#1134607
    LTC#177518).

  - net/smc: code cleanup smc_listen_work (bsc#1134607
    LTC#177518).

  - net/smc: consolidate function parameters (bsc#1134607
    LTC#177518).

  - net/smc: fallback to TCP after connect problems
    (bsc#1134607 LTC#177518).

  - net/smc: fix a NULL pointer dereference (bsc#1134607
    LTC#177518).

  - net/smc: fix return code from FLUSH command (bsc#1134607
    LTC#177518).

  - net/smc: improve smc_conn_create reason codes
    (bsc#1134607 LTC#177518).

  - net/smc: improve smc_listen_work reason codes
    (bsc#1134607 LTC#177518).

  - net/smc: move unhash before release of clcsock
    (bsc#1134607 LTC#177518).

  - net/smc: nonblocking connect rework (bsc#1134607
    LTC#177518).

  - net/smc: propagate file from SMC to TCP socket
    (bsc#1134607 LTC#177518).

  - net/smc: rework pnet table (bsc#1129845 LTC#176252).

  - net/smc: wait for pending work before clcsock
    release_sock (bsc#1134607 LTC#177518).

  - net: socket: fix potential spectre v1 gadget in
    socketcall (git-fixes).

  - net: socket: set sock->sk to NULL after calling
    proto_ops::release() (networking-stable-19_03_07).

  - net: stmmac: fix memory corruption with large MTUs
    (networking-stable-19_03_28).

  - net: test tailroom before appending to linear skb
    (git-fixes).

  - net: validate untrusted gso packets without csum offload
    (networking-stable-19_02_20).

  - net/x25: fix a race in x25_bind()
    (networking-stable-19_03_15).

  - net/x25: fix use-after-free in x25_device_event()
    (networking-stable-19_03_15).

  - net/x25: reset state in x25_connect()
    (networking-stable-19_03_15).

  - net: xfrm: use preempt-safe this_cpu_read() in
    ipcomp_alloc_tfms() (git-fixes).

  - NFC: nci: Add some bounds checking in
    nci_hci_cmd_received() (bsc#1051510).

  - nfs: Add missing encode / decode sequence_maxsz to v4.2
    operations (git-fixes).

  - nfsd4: catch some false session retries (git-fixes).

  - nfsd4: fix cached replies to solo SEQUENCE compounds
    (git-fixes).

  - nfs: Do not recoalesce on error in
    nfs_pageio_complete_mirror() (git-fixes).

  - nfs: Do not use page_file_mapping after removing the
    page (git-fixes).

  - nfs: Fix an I/O request leakage in nfs_do_recoalesce
    (git-fixes).

  - nfs: Fix a soft lockup in the delegation recovery code
    (git-fixes).

  - nfs: Fix a typo in nfs_init_timeout_values()
    (git-fixes).

  - nfs: Fix dentry revalidation on NFSv4 lookup
    (bsc#1132618).

  - nfs: Fix I/O request leakages (git-fixes).

  - nfs: fix mount/umount race in nlmclnt (git-fixes).

  - nfs/pnfs: Bulk destroy of layouts needs to be safe
    w.r.t. umount (git-fixes).

  - nfsv4.1 do not free interrupted slot on open
    (git-fixes).

  - nfsv4.1: Reinitialise sequence results before
    retransmitting a request (git-fixes).

  - nfsv4/flexfiles: Fix invalid deref in
    FF_LAYOUT_DEVID_NODE() (git-fixes).

  - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL
    commands (bsc#1051510).

  - nvme: add proper discard setup for the multipath device
    (bsc#1114638).

  - nvme-fc: use separate work queue to avoid warning
    (bsc#1131673).

  - nvme: fix the dangerous reference of namespaces list
    (bsc#1131673).

  - nvme: make sure ns head inherits underlying device
    limits (bsc#1131673).

  - nvme-multipath: avoid crash on invalid subsystem cntlid
    enumeration (bsc#1129273).

  - nvme-multipath: avoid crash on invalid subsystem cntlid
    enumeration (bsc#1130937).

  - nvme-multipath: split bios with the ns_head bio_set
    before submitting (bsc#1103259, bsc#1131673).

  - nvme: only reconfigure discard if necessary
    (bsc#1114638).

  - ocfs2: turn on OCFS2_FS_STATS setting(bsc#1134393) We
    need to turn on OCFS2_FS_STATS kernel configuration
    setting, to fix bsc#1134393.

  - omapfb: add missing of_node_put after
    of_device_is_available (bsc#1051510).

  - openvswitch: add seqadj extension when NAT is used
    (bsc#1051510).

  - openvswitch: fix flow actions reallocation
    (bsc#1051510).

  - overflow: Fix -Wtype-limits compilation warnings
    (bsc#1111666).

  - packet: fix reserve calculation (git-fixes).

  - packet: in packet_snd start writing at link layer
    allocation (git-fixes).

  - packet: refine ring v3 block size test to hold one frame
    (git-fixes).

  - packet: reset network header if packet shorter than ll
    reserved space (git-fixes).

  - packets: Always register packet sk in the same order
    (networking-stable-19_03_28).

  - packet: validate msg_namelen in send directly
    (git-fixes).

  - PCI: Add function 1 DMA alias quirk for Marvell 9170
    SATA controller (bsc#1051510).

  - PCI: designware-ep: Read-only registers need
    DBI_RO_WR_EN to be writable (bsc#1051510).

  - PCI: Init PCIe feature bits for managed host bridge
    alloc (bsc#1111666).

  - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
    (bsc#1051510).

  - PCI: Mark Atheros AR9462 to avoid bus reset
    (bsc#1051510).

  - PCI: pciehp: Convert to threaded IRQ (bsc#1133005).

  - PCI: pciehp: Ignore Link State Changes after powering
    off a slot (bsc#1133005).

  - PCI: pciehp: Tolerate Presence Detect hardwired to zero
    (bsc#1133016).

  - perf tools: Add Hygon Dhyana support ().

  - perf tools: Add Hygon Dhyana support (fate#327735).

  - perf/x86/amd: Add event map for AMD Family 17h
    (bsc#1134223).

  - perf/x86/amd: Update generic hardware cache events for
    Family 17h (bsc#1134223).

  - phy: sun4i-usb: Make sure to disable PHY0 passby for
    peripheral mode (bsc#1051510).

  - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG
    PHYs (bsc#1051510).

  - platform/x86: alienware-wmi: printing the wrong error
    code (bsc#1051510).

  - platform/x86: dell-rbtn: Add missing #include
    (bsc#1051510).

  - platform/x86: intel_pmc_ipc: adding error handling
    (bsc#1051510).

  - platform/x86: intel_punit_ipc: Revert 'Fix resource
    ioremap warning' (bsc#1051510).

  - platform/x86: pmc_atom: Drop __initconst on dmi table
    (bsc#1051510).

  - platform/x86: sony-laptop: Fix unintentional
    fall-through (bsc#1051510).

  - powerpc64/ftrace: Include ftrace.h needed for
    enable/disable calls (bsc#1088804, git-fixes).

  - powerpc/64s: Fix logic when handling unknown CPU
    features (bsc#1055117).

  - powerpc/64s: Fix page table fragment refcount race vs
    speculative references (bsc#1131326, bsc#1108937).

  - powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer
    (bsc#1065729).

  - powerpc: consolidate -mno-sched-epilog into FTRACE flags
    (bsc#1065729).

  - powerpc: Fix 32-bit KVM-PR lockup and host crash with
    MacOS guest (bsc#1061840).

  - powerpc/hugetlb: Handle mmap_min_addr correctly in
    get_unmapped_area callback (bsc#1131900).

  - powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
    (bsc#1061840).

  - powerpc/mm: Add missing tracepoint for tlbie
    (bsc#1055117, git-fixes).

  - powerpc/mm: Check secondary hash page table
    (bsc#1065729).

  - powerpc/mm: Fix page table dump to work on Radix
    (bsc#1055186, fate#323286, git-fixes).

  - powerpc/mm: Fix page table dump to work on Radix
    (bsc#1055186, git-fixes).

  - powerpc/mm/hash: Handle mmap_min_addr correctly in
    get_unmapped_area topdown search (bsc#1131900).

  - powerpc/mm/radix: Display if mappings are exec or not
    (bsc#1055186, fate#323286, git-fixes).

  - powerpc/mm/radix: Display if mappings are exec or not
    (bsc#1055186, git-fixes).

  - powerpc/mm/radix: Prettify mapped memory range print out
    (bsc#1055186, fate#323286, git-fixes).

  - powerpc/mm/radix: Prettify mapped memory range print out
    (bsc#1055186, git-fixes).

  - powerpc/numa: document topology_updates_enabled, disable
    by default (bsc#1133584).

  - powerpc/numa: improve control of topology updates
    (bsc#1133584).

  - powerpc/perf: Fix unit_sel/cache_sel checks
    (bsc#1053043).

  - powerpc/perf: Remove l2 bus events from HW cache event
    array (bsc#1053043).

  - powerpc/powernv/cpuidle: Init all present cpus for deep
    states (bsc#1055121).

  - powerpc/powernv: Do not reprogram SLW image on every KVM
    guest entry/exit (bsc#1061840).

  - powerpc/powernv/ioda2: Remove redundant free of TCE
    pages (bsc#1061840).

  - powerpc/powernv/ioda: Allocate indirect TCE levels of
    cached userspace addresses on demand (bsc#1061840).

  - powerpc/powernv/ioda: Fix locked_vm counting for memory
    used by IOMMU tables (bsc#1061840).

  - powerpc/powernv: Make opal log only readable by root
    (bsc#1065729).

  - powerpc/powernv: Remove never used pnv_power9_force_smt4
    (bsc#1061840).

  - powerpc/speculation: Support 'mitigations=' cmdline
    option (bsc#1112178).

  - powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
    (bsc#1131587).

  - powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies
    across Y2038 (bsc#1131587).

  - power: supply: axp20x_usb_power: Fix typo in VBUS
    current limit macros (bsc#1051510).

  - power: supply: axp288_charger: Fix unchecked return
    value (bsc#1051510).

  - proc/kcore: do not bounds check against address 0
    (bsc#1051510).

  - proc: revalidate kernel thread inodes to root:root
    (bsc#1051510).

  - proc/sysctl: fix return error for
    proc_doulongvec_minmax() (bsc#1051510).

  - pwm: Fix deadlock warning when removing PWM device
    (bsc#1051510).

  - pwm: meson: Consider 128 a valid pre-divider
    (bsc#1051510).

  - pwm: meson: Do not disable PWM when setting duty
    repeatedly (bsc#1051510).

  - pwm: meson: Use the spin-lock only to protect register
    modifications (bsc#1051510).

  - pwm: tiehrpwm: Update shadow register for disabling PWMs
    (bsc#1051510).

  - qla2xxx: allow irqbalance control in non-MQ mode
    (bsc#1128971).

  - qla2xxx: allow irqbalance control in non-MQ mode
    (bsc#1128979).

  - qla2xxx: always allocate qla_tgt_wq (bsc#1131451).

  - qmi_wwan: add Olicard 600 (bsc#1051510).

  - qmi_wwan: Add support for Quectel EG12/EM12
    (networking-stable-19_03_07).

  - raid10: It's wrong to add len to sector_nr in raid10
    reshape twice (git-fixes).

  - RAS/CEC: Check the correct variable in the debugfs error
    handling (bsc#1085535).

  - ravb: Decrease TxFIFO depth of Q3 and Q2 to one
    (networking-stable-19_03_15).

  - rdma/cxgb4: Add support for 64Byte cqes (bsc#1127371).

  - rdma/cxgb4: Add support for kernel mode SRQ's
    (bsc#1127371).

  - rdma/cxgb4: Add support for srq functions & structs
    (bsc#1127371).

  - rdma/cxgb4: fix some info leaks (bsc#1127371).

  - rdma/cxgb4: Make c4iw_poll_cq_one() easier to analyze
    (bsc#1127371).

  - rdma/cxgb4: Remove a set-but-not-used variable
    (bsc#1127371).

  - rdma/iw_cxgb4: Drop __GFP_NOFAIL (bsc#1127371).

  - rdma/smc: Replace ib_query_gid with rdma_get_gid_attr
    (bsc#1131530 LTC#176717).

  - rds: fix refcount bug in rds_sock_addref (git-fixes).

  - rds: tcp: atomically purge entries from
    rds_tcp_conn_list during netns delete (git-fixes).

  - Re-enable nouveau for PCI device 10de:1cbb
    (bsc#1133593).

  - Re-export snd_cards for kABI compatibility
    (bsc#1051510).

  - regulator: tps65086: Fix tps65086_ldoa1_ranges for
    selector 0xB (bsc#1051510).

  - Revert 'alsa: seq: Protect in-kernel ioctl calls with
    mutex' (bsc#1051510).

  - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for
    legacy/fringe drivers' (bsc#1110946, bsc#1119843).

  - Revert 'block: unexport DISK_EVENT_MEDIA_CHANGE for
    legacy/fringe drivers' (bsc#1110946, bsc#1119843).

  - Revert 'drm/sun4i: rgb: Change the pixel clock
    validation check (bnc#1113722)' The patch seems buggy,
    breaks the build for armv7hl/pae config.

  - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd
    and ide-cd' (bsc#1110946).

  - Revert 'ide: unexport DISK_EVENT_MEDIA_CHANGE for ide-gd
    and ide-cd' (bsc#1110946, bsc#1119843).

  - Revert 'tty: pty: Fix race condition between
    release_one_tty and pty_write' (bsc#1051510).

  - ring-buffer: Check if memory is available before
    allocation (bsc#1132531).

  - rt2x00: do not increment sequence number while
    re-transmitting (bsc#1051510).

  - rtlwifi: rtl8723ae: Fix missing break in switch
    statement (bsc#1051510).

  - rxrpc: Do not release call mutex on error pointer
    (git-fixes).

  - rxrpc: Do not treat call aborts as conn aborts
    (git-fixes).

  - rxrpc: Fix client call queueing, waiting for channel
    (networking-stable-19_03_15).

  - rxrpc: Fix error reception on AF_INET6 sockets
    (git-fixes).

  - rxrpc: Fix transport sockopts to get IPv4 errors on an
    IPv6 socket (git-fixes).

  - rxrpc: Fix Tx ring annotation after initial Tx failure
    (git-fixes).

  - s390/dasd: fix panic for failed online processing
    (bsc#1132589).

  - s390/pkey: move pckmo subfunction available checks away
    from module init (bsc#1128544).

  - s390/qdio: clear intparm during shutdown (bsc#1134597
    LTC#177516).

  - s390/speculation: Support 'mitigations=' cmdline option
    (bsc#1112178).

  - sc16is7xx: missing unregister/delete driver on error in
    sc16is7xx_init() (bsc#1051510).

  - sc16is7xx: move label 'err_spi' to correct section
    (bsc#1051510).

  - sc16is7xx: put err_spi and err_i2c into correct #ifdef
    (bsc#1051510).

  - scripts/git_sort/git_sort.py: remove old SCSI git
    branches

  - scripts: override locale from environment when running
    recordmcount.pl (bsc#1134354).

  - scsi: libsas: allocate sense buffer for bsg queue
    (bsc#1131467).

  - scsi: qla2xxx: Add new FC-NVMe enable BIT to enable
    FC-NVMe feature (bsc#1130579).

  - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show
    (bsc#1132044).

  - scsi: smartpqi: add H3C controller IDs (bsc#1133547).

  - scsi: smartpqi: add h3c ssid (bsc#1133547).

  - scsi: smartpqi: add no_write_same for logical volumes
    (bsc#1133547).

  - scsi: smartpqi: add ofa support (bsc#1133547).

  - scsi: smartpqi: Add retries for device reset
    (bsc#1133547).

  - scsi: smartpqi: add smp_utils support (bsc#1133547).

  - scsi: smartpqi: add spdx (bsc#1133547).

  - scsi: smartpqi: add support for huawei controllers
    (bsc#1133547).

  - scsi: smartpqi: add support for PQI Config Table
    handshake (bsc#1133547).

  - scsi: smartpqi: add sysfs attributes (bsc#1133547).

  - scsi: smartpqi: allow for larger raid maps
    (bsc#1133547).

  - scsi: smartpqi: bump driver version (bsc#1133547).

  - scsi: smartpqi: bump driver version (bsc#1133547).

  - scsi: smartpqi: call pqi_free_interrupts() in
    pqi_shutdown() (bsc#1133547).

  - scsi: smartpqi: check for null device pointers
    (bsc#1133547).

  - scsi: smartpqi: correct host serial num for ssa
    (bsc#1133547).

  - scsi: smartpqi: correct lun reset issues (bsc#1133547).

  - scsi: smartpqi: correct volume status (bsc#1133547).

  - scsi: smartpqi: do not offline disks for transient did
    no connect conditions (bsc#1133547).

  - scsi: smartpqi: enhance numa node detection
    (bsc#1133547).

  - scsi: smartpqi: fix build warnings (bsc#1133547).

  - scsi: smartpqi: fix disk name mount point (bsc#1133547).

  - scsi: smartpqi: fully convert to the generic DMA API
    (bsc#1133547).

  - scsi: smartpqi: increase fw status register read timeout
    (bsc#1133547).

  - scsi: smartpqi: increase LUN reset timeout
    (bsc#1133547).

  - scsi: smartpqi_init: fix boolean expression in
    pqi_device_remove_start (bsc#1133547).

  - scsi: smartpqi: refactor sending controller raid
    requests (bsc#1133547).

  - scsi: smartpqi: Reporting 'logical unit failure'
    (bsc#1133547).

  - scsi: smartpqi: turn off lun data caching for ptraid
    (bsc#1133547).

  - scsi: smartpqi: update copyright (bsc#1133547).

  - scsi: smartpqi: update driver version (bsc#1133547).

  - scsi: smartpqi: wake up drives after os resumes from
    suspend (bsc#1133547).

  - sctp: call gso_reset_checksum when computing checksum in
    sctp_gso_segment (networking-stable-19_02_24).

  - sctp: fix identification of new acks for SFR-CACC
    (git-fixes).

  - sctp: get sctphdr by offset in sctp_compute_cksum
    (networking-stable-19_03_28).

  - sctp: initialize _pad of sockaddr_in before copying to
    user memory (networking-stable-19_04_10).

  - sctp: only update outstanding_bytes for transmitted
    queue when doing prsctp_prune (git-fixes).

  - sctp: set frag_point in sctp_setsockopt_maxseg
    correctly` (git-fixes).

  - selinux: use kernel linux/socket.h for genheaders and
    mdp (bsc#1134810).

  - serial: 8250_pxa: honor the port number from devicetree
    (bsc#1051510).

  - serial: ar933x_uart: Fix build failure with disabled
    console (bsc#1051510).

  - serial: uartps: console_setup() can't be placed to init
    section (bsc#1051510).

  - sit: check if IPv6 enabled before calling
    ip6_err_gen_icmpv6_unreach()
    (networking-stable-19_02_24).

  - soc/fsl/qe: Fix an error code in qe_pin_request()
    (bsc#1051510).

  - SoC: imx-sgtl5000: add missing put_device()
    (bsc#1051510).

  - soc: qcom: gsbi: Fix error handling in gsbi_probe()
    (bsc#1051510).

  - soc/tegra: fuse: Fix illegal free of IO base address
    (bsc#1051510).

  - soc/tegra: pmc: Drop locking from
    tegra_powergate_is_powered() (bsc#1051510).

  - spi: a3700: Clear DATA_OUT when performing a read
    (bsc#1051510).

  - spi: Add missing pm_runtime_put_noidle() after failed
    get (bsc#1111666).

  - spi: bcm2835aux: fix driver to not allow 65535 (=-1)
    cs-gpios (bsc#1051510).

  - spi: bcm2835aux: setup gpio-cs to output and correct
    level during setup (bsc#1051510).

  - spi: bcm2835aux: warn in dmesg that native cs is not
    really supported (bsc#1051510).

  - spi-mem: fix kernel-doc for
    spi_mem_dirmap_(read|write)() (bsc#1111666).

  - spi: Micrel eth switch: declare missing of table
    (bsc#1051510).

  - spi: rspi: Fix sequencer reset during initialization
    (bsc#1051510).

  - spi: ST ST95HF NFC: declare missing of table
    (bsc#1051510).

  - ssb: Fix possible NULL pointer dereference in
    ssb_host_pcmcia_exit (bsc#1051510).

  - staging: comedi: ni_usb6501: Fix possible double-free of
    ->usb_rx_buf (bsc#1051510).

  - staging: comedi: ni_usb6501: Fix use of uninitialized
    mutex (bsc#1051510).

  - staging: comedi: vmk80xx: Fix possible double-free of
    ->usb_rx_buf (bsc#1051510).

  - staging: comedi: vmk80xx: Fix use of uninitialized
    semaphore (bsc#1051510).

  - staging: iio: ad7192: Fix ad7193 channel address
    (bsc#1051510).

  - staging: rtl8188eu: Fix potential NULL pointer
    dereference of kcalloc (bsc#1051510).

  - staging: rtl8712: uninitialized memory in
    read_bbreg_hdl() (bsc#1051510).

  - staging: rtlwifi: Fix potential NULL pointer dereference
    of kzalloc (bsc#1111666).

  - staging: rtlwifi: rtl8822b: fix to avoid potential NULL
    pointer dereference (bsc#1111666).

  - staging: vt6655: Fix interrupt race condition on device
    start up (bsc#1051510).

  - staging: vt6655: Remove vif check from vnt_interrupt
    (bsc#1051510).

  - stm class: Fix an endless loop in channel allocation
    (bsc#1051510).

  - stm class: Fix channel free in stm output free path
    (bsc#1051510).

  - stm class: Prevent division by zero (bsc#1051510).

  - sunrpc: fix 4 more call sites that were using stack
    memory with a scatterlist (git-fixes).

  - supported.conf: Add openvswitch to kernel-default-base
    (bsc#1124839).

  - supported.conf: Add openvswitch to kernel-default-base
    (bsc#1124839).

  - supported.conf: dw_mmc-bluefield is not needed in
    kernel-default-base (bsc#1131574).

  - svm/avic: Fix invalidate logical APIC id entry
    (bsc#1132726).

  - svm: Fix AVIC DFR and LDR handling (bsc#1132558).

  - sysctl: handle overflow for file-max (bsc#1051510).

  - tcp: do not use ipv6 header for ipv4 flow
    (networking-stable-19_03_28).

  - tcp: Ensure DCTCP reacts to losses
    (networking-stable-19_04_10).

  - tcp: fix TCP_REPAIR_QUEUE bound checking (git-fixes).

  - tcp: purge write queue in tcp_connect_init()
    (git-fixes).

  - tcp: tcp_v4_err() should be more careful
    (networking-stable-19_02_20).

  - team: set slave to promisc if team is already in promisc
    mode (bsc#1051510).

  - testing: nvdimm: provide SZ_4G constant (bsc#1132982).

  - thermal: cpu_cooling: Actually trace CPU load in
    thermal_power_cpu_get_power (bsc#1051510).

  - thermal/int340x_thermal: Add additional UUIDs
    (bsc#1051510).

  - thermal/int340x_thermal: fix mode setting (bsc#1051510).

  - thunderx: eliminate extra calls to put_page() for pages
    held for recycling (networking-stable-19_03_28).

  - thunderx: enable page recycling for non-XDP case
    (networking-stable-19_03_28).

  - tipc: fix race condition causing hung sendto
    (networking-stable-19_03_07).

  - tools/cpupower: Add Hygon Dhyana support ().

  - tools/cpupower: Add Hygon Dhyana support (fate#327735).

  - tools lib traceevent: Fix missing equality check for
    strcmp (bsc#1129770).

  - tpm: Fix the type of the return value in
    calc_tpm2_event_size() (bsc#1082555).

  - tracing: Fix a memory leak by early error exit in
    trace_pid_write() (bsc#1133702).

  - tracing: Fix buffer_ref pipe ops (bsc#1133698).

  - tracing/hrtimer: Fix tracing bugs by taking all clock
    bases and modes into account (bsc#1132527).

  - tty: increase the default flip buffer limit to 2*640K
    (bsc#1051510).

  - tty: pty: Fix race condition between release_one_tty and
    pty_write (bsc#1051510).

  - tty: serial_core, add ->install (bnc#1129693).

  - tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if
    blankinterval == 0 (bsc#1051510).

  - tun: add a missing rcu_read_unlock() in error path
    (networking-stable-19_03_28).

  - tun: fix blocking read (networking-stable-19_03_07).

  - tun: properly test for IFF_UP
    (networking-stable-19_03_28).

  - tun: remove unnecessary memory barrier
    (networking-stable-19_03_07).

  - uas: fix alignment of scatter/gather segments
    (bsc#1129770).

  - ufs: fix braino in ufs_get_inode_gid() for solaris UFS
    flavour (bsc#1135323).

  - Update config files. Debug kernel is not supported
    (bsc#1135492).

  - Update config files: disable CONFIG_IDE for ppc64le

  - usb: cdc-acm: fix unthrottle races (bsc#1051510).

  - usb: chipidea: Grab the (legacy) USB PHY by phandle
    first (bsc#1051510).

  - usb: core: Fix bug caused by duplicate interface PM
    usage counter (bsc#1051510).

  - usb: core: Fix unterminated string returned by
    usb_string() (bsc#1051510).

  - usb: dwc3: Fix default lpm_nyet_threshold value
    (bsc#1051510).

  - usb: f_fs: Avoid crash due to out-of-scope stack ptr
    access (bsc#1051510).

  - usb: gadget: net2272: Fix net2272_dequeue()
    (bsc#1051510).

  - usb: gadget: net2280: Fix net2280_dequeue()
    (bsc#1051510).

  - usb: gadget: net2280: Fix overrun of OUT messages
    (bsc#1051510).

  - usb: serial: cp210x: fix GPIO in autosuspend
    (bsc#1120902).

  - usb: serial: f81232: fix interrupt worker not stop
    (bsc#1051510).

  - usb: serial: fix unthrottle races (bsc#1051510).

  - usb-storage: Set virt_boundary_mask to avoid SG
    overflows (bsc#1051510).

  - usb: u132-hcd: fix resource leak (bsc#1051510).

  - usb: usb251xb: fix to avoid potential NULL pointer
    dereference (bsc#1051510).

  - usb: usbip: fix isoc packet num validation in get_pipe
    (bsc#1051510).

  - usb: w1 ds2490: Fix bug caused by improper use of
    altsetting array (bsc#1051510).

  - usb: yurex: Fix protection fault after device removal
    (bsc#1051510).

  - vfio/mdev: Avoid release parent reference during error
    path (bsc#1051510).

  - vfio/mdev: Fix aborting mdev child device removal if one
    fails (bsc#1051510).

  - vfio_pci: Enable memory accesses before calling
    pci_map_rom (bsc#1051510).

  - vfio/pci: use correct format characters (bsc#1051510).

  - vfs: allow dedupe of user owned read-only files
    (bsc#1133778, bsc#1132219).

  - vfs: avoid problematic remapping requests into partial
    EOF block (bsc#1133850, bsc#1132219).

  - vfs: dedupe: extract helper for a single dedup
    (bsc#1133769, bsc#1132219).

  - vfs: dedupe should return EPERM if permission is not
    granted (bsc#1133779, bsc#1132219).

  - vfs: exit early from zero length remap operations
    (bsc#1132411, bsc#1132219).

  - vfs: export vfs_dedupe_file_range_one() to modules
    (bsc#1133772, bsc#1132219).

  - vfs: limit size of dedupe (bsc#1132397, bsc#1132219).

  - vfs: rename clone_verify_area to remap_verify_area
    (bsc#1133852, bsc#1132219).

  - vfs: skip zero-length dedupe requests (bsc#1133851,
    bsc#1132219).

  - vfs: swap names of (do,vfs)_clone_file_range()
    (bsc#1133774, bsc#1132219).

  - vfs: vfs_clone_file_prep_inodes should return EINVAL for
    a clone from beyond EOF (bsc#1133780, bsc#1132219).

  - vhost/vsock: fix reset orphans race with close timeout
    (bsc#1051510).

  - virtio-blk: limit number of hw queues by nr_cpu_ids
    (bsc#1051510).

  - virtio: Honour 'may_reduce_num' in
    vring_create_virtqueue (bsc#1051510).

  - virtio_pci: fix a NULL pointer reference in vp_del_vqs
    (bsc#1051510).

  - vrf: check accept_source_route on the original netdevice
    (networking-stable-19_04_10).

  - vsock/virtio: fix kernel panic after device hot-unplug
    (bsc#1051510).

  - vsock/virtio: fix kernel panic from
    virtio_transport_reset_no_sock (bsc#1051510).

  - vsock/virtio: Initialize core virtio vsock before
    registering the driver (bsc#1051510).

  - vsock/virtio: reset connected sockets on device removal
    (bsc#1051510).

  - vt: always call notifier with the console lock held
    (bsc#1051510).

  - vxlan: Do not call gro_cells_destroy() before device is
    unregistered (networking-stable-19_03_28).

  - vxlan: test dev->flags & IFF_UP before calling
    netif_rx() (networking-stable-19_02_20).

  - wil6210: check NULL pointer in
    _wil_cfg80211_merge_extra_ies (bsc#1051510).

  - wlcore: Fix memory leak in case wl12xx_fetch_firmware
    failure (bsc#1051510).

  - x86/alternative: Init ideal_nops for Hygon Dhyana
    (fate#327735).

  - x86/amd_nb: Check vendor in AMD-only functions
    (fate#327735).

  - x86/apic: Add Hygon Dhyana support (fate#327735).

  - x86/bugs: Add Hygon Dhyana to the respective mitigation
    machinery (fate#327735).

  - x86/cpu: Create Hygon Dhyana architecture support file
    (fate#327735).

  - x86/cpu: Get cache info and setup cache cpumap for Hygon
    Dhyana ().

  - x86/cpu: Get cache info and setup cache cpumap for Hygon
    Dhyana (fate#327735).

  - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number
    (fate#327735).

  - x86/cpu: Sanitize FAM6_ATOM naming (bsc#1111331).

  - x86/events: Add Hygon Dhyana support to PMU
    infrastructure (fate#327735).

  - x86/kvm: Add Hygon Dhyana support to KVM (fate#327735).

  - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU
    init (bsc#1132572).

  - x86/mce: Add Hygon Dhyana support to the MCA
    infrastructure (fate#327735).

  - x86/MCE/AMD, EDAC/mce_amd: Add new error descriptions
    for some SMCA bank types (bsc#1128415).

  - x86/MCE/AMD, EDAC/mce_amd: Add new McaTypes for CS, PSP,
    and SMU units (bsc#1128415).

  - x86/MCE/AMD, EDAC/mce_amd: Add new MP5, NBIO, and PCIE
    SMCA bank types (bsc#1128415).

  - x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank
    type (bsc#1128415).

  - x86/mce/AMD: Pass the bank number to
    smca_get_bank_type() (bsc#1128415).

  - x86/mce: Do not disable MCA banks when offlining a CPU
    on AMD (fate#327735).

  - x86/MCE: Fix kABI for new AMD bank names (bsc#1128415).

  - x86/mce: Handle varying MCA bank counts (bsc#1128415).

  - x86/msr-index: Cleanup bit defines (bsc#1111331).

  - x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub
    (bsc#1120318).

  - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and
    northbridge (fate#327735).

  - x86/perf/amd: Remove need to check 'running' bit in NMI
    handler (bsc#1131438).

  - x86/perf/amd: Resolve NMI latency issues for active PMCs
    (bsc#1131438).

  - x86/perf/amd: Resolve race condition when disabling PMC
    (bsc#1131438).

  - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle
    on Dhyana (fate#327735).

  - x86/speculation/mds: Fix documentation typo
    (bsc#1135642).

  - x86/speculation: Prevent deadlock on ssb_state::lock
    (bsc#1114279).

  - x86/speculation: Support 'mitigations=' cmdline option
    (bsc#1112178).

  - x86/tsc: Force inlining of cyc2ns bits (bsc#1052904).

  - x86/xen: Add Hygon Dhyana support to Xen (fate#327735).

  - xen-netback: do not populate the hash cache on XenBus
    disconnect (networking-stable-19_03_07).

  - xen-netback: fix occasional leak of grant ref mappings
    under memory pressure (networking-stable-19_03_07).

  - xen: Prevent buffer overflow in privcmd ioctl
    (bsc#1065600).

  - xfrm6: avoid potential infinite loop in
    _decode_session6() (git-fixes).

  - xfrm6: call kfree_skb when skb is toobig (git-fixes).

  - xfrm: do not call rcu_read_unlock when afinfo is NULL in
    xfrm_get_tos (git-fixes).

  - xfrm: Fix ESN sequence number handling for IPsec GSO
    packets (git-fixes).

  - xfrm: fix missing dst_release() after policy blocking
    lbcast and multicast (git-fixes).

  - xfrm: fix 'passing zero to ERR_PTR()' warning
    (git-fixes).

  - xfrm: fix rcu_read_unlock usage in xfrm_local_error
    (git-fixes).

  - xfrm: Fix stack-out-of-bounds read on socket policy
    lookup (git-fixes).

  - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
    (git-fixes).

  - xfrm: reset crypto_done when iterating over multiple
    input xfrms (git-fixes).

  - xfrm: reset transport header back to network header
    after all input transforms ahave been applied
    (git-fixes).

  - xfrm: Return error on unknown encap_type in init_state
    (git-fixes).

  - xfrm_user: prevent leaking 2 bytes of kernel memory
    (git-fixes).

  - xfrm: Validate address prefix lengths in the xfrm
    selector (git-fixes).

  - xfs: add log item pinning error injection tag
    (bsc#1114427).

  - xfs: add the ability to join a held buffer to a
    defer_ops (bsc#1133674).

  - xfs: allow xfs_lock_two_inodes to take different
    EXCL/SHARED modes (bsc#1132370, bsc#1132219).

  - xfs: buffer lru reference count error injection tag
    (bsc#1114427).

  - xfs: call xfs_qm_dqattach before performing reflink
    operations (bsc#1132368, bsc#1132219).

  - xfs: cap the length of deduplication requests
    (bsc#1132373, bsc#1132219).

  - xfs: check _btree_check_block value (bsc#1123663).

  - xfs: clean up xfs_reflink_remap_blocks call site
    (bsc#1132413, bsc#1132219).

  - xfs: convert drop_writes to use the errortag mechanism
    (bsc#1114427).

  - xfs: create block pointer check functions (bsc#1123663).

  - xfs: create inode pointer verifiers (bsc#1114427).

  - xfs: detect and fix bad summary counts at mount
    (bsc#1114427).

  - xfs: export _inobt_btrec_to_irec and
    _ialloc_cluster_alignment for scrub (bsc#1114427).

  - xfs: export various function for the online scrubber
    (bsc#1123663).

  - xfs: expose errortag knobs via sysfs (bsc#1114427).

  - xfs: fix data corruption w/ unaligned dedupe ranges
    (bsc#1132405, bsc#1132219).

  - xfs: fix data corruption w/ unaligned reflink ranges
    (bsc#1132407, bsc#1132219).

  - xfs: fix pagecache truncation prior to reflink
    (bsc#1132412, bsc#1132219).

  - xfs: fix reporting supported extra file attributes for
    statx() (bsc#1133529).

  - xfs: fix unused variable warning in xfs_buf_set_ref()
    (bsc#1114427).

  - xfs: flush removing page cache in xfs_reflink_remap_prep
    (bsc#1132414, bsc#1132219).

  - xfs: force summary counter recalc at next mount
    (bsc#1114427).

  - xfs: hold xfs_buf locked between shortform->leaf
    conversion and the addition of an attribute
    (bsc#1133675).

  - xfs: kill meaningless variable 'zero' (bsc#1106011).

  - xfs: make errortag a per-mountpoint structure
    (bsc#1123663).

  - xfs: move error injection tags into their own file
    (bsc#1114427).

  - xfs: only grab shared inode locks for source file during
    reflink (bsc#1132372, bsc#1132219).

  - xfs: prepare xfs_break_layouts() for another layout type
    (bsc#1106011).

  - xfs: prepare xfs_break_layouts() to be called with
    XFS_MMAPLOCK_EXCL (bsc#1106011).

  - xfs: refactor btree block header checking functions
    (bsc#1123663).

  - xfs: refactor btree pointer checks (bsc#1123663).

  - xfs: refactor clonerange preparation into a separate
    helper (bsc#1132402, bsc#1132219).

  - xfs: refactor unmount record write (bsc#1114427).

  - xfs: refactor xfs_trans_roll (bsc#1133667).

  - xfs: reflink find shared should take a transaction
    (bsc#1132226, bsc#1132219).

  - xfs: reflink should break pnfs leases before sharing
    blocks (bsc#1132369, bsc#1132219).

  - xfs: remove dest file's post-eof preallocations before
    reflinking (bsc#1132365, bsc#1132219).

  - xfs: remove the ip argument to xfs_defer_finish
    (bsc#1133672).

  - xfs: remove unneeded parameter from XFS_TEST_ERROR
    (bsc#1123663).

  - xfs: remove xfs_zero_range (bsc#1106011).

  - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN
    (bsc#1123663).

  - xfs: rename xfs_defer_join to xfs_defer_ijoin
    (bsc#1133668).

  - xfs: replace log_badcrc_factor knob with error injection
    tag (bsc#1114427).

  - xfs: sanity-check the unused space before trying to use
    it (bsc#1123663).

  - xfs: update ctime and remove suid before cloning files
    (bsc#1132404, bsc#1132219).

  - xfs: zero posteof blocks when cloning above eof
    (bsc#1132403, bsc#1132219)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055117"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055186"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070872"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086657"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106011"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108193"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112063"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112128"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119680"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128415"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128971"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130567"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131427"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131438"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131451"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131488"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131530"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131847"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131934"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132044"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132219"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132397"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132403"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132404"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132405"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132411"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132426"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132561"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132564"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132726"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132828"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133005"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133149"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133176"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133672"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133698"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133702"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133769"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133778"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133779"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133850"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133851"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133852"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134160"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134162"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134201"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134459"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134651"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134810"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134848"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135007"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135008"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135120"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135281"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135309"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135312"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135315"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debugsource-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debugsource-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-devel-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-docs-html-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debugsource-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-macros-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-debugsource-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-qa-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-vanilla-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-syms-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debuginfo-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debugsource-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-4.12.14-lp151.28.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1214.NASL
    descriptionA flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125598
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125598
    titleAmazon Linux 2 : kernel (ALAS-2019-1214)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4068-1.NASL
    descriptionAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126948
    published2019-07-23
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126948
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-raspi2, (USN-4068-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1404.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed : - CVE-2018-16880: A flaw was found in handle_rx() function in the vhost_net driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (bnc#1122767). - CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c had multiple race conditions (bnc#1133188). It has been disabled. - CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c. There is a race condition leading to a use-after-free, related to net namespace cleanup (bnc#1134537). - CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125243
    published2019-05-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125243
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1534-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125995
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125995
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-C36AFA818C.NASL
    descriptionThe 5.0.16 stable updates contain a number of important fixes across the tree. Most importantly, these updates address the kernel portion of the MDS CVEs. ---- The 5.0.14 update contains a number of important fixes across the tree. There is no kernel-headers or kernel-tools build this time. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125232
    published2019-05-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125232
    titleFedora 28 : kernel / kernel-headers (2019-c36afa818c) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-169-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126031
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126031
    titleSlackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1823.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 512 unless you know that your network requires a lower value. (This value applies to Linux 3.16 only.) CVE-2019-11810 It was discovered that the megaraid_sas driver did not correctly handle a failed memory allocation during initialisation, which could lead to a double-free. This might have some security impact, but it cannot be triggered by an unprivileged user. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125958
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125958
    titleDebian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2430-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699). CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188) CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-09-24
    plugin id129284
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129284
    titleSUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4685.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id125964
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125964
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4685) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1536-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to 4.12.14 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125997
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125997
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1016.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) - kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135316
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135316
    titleCentOS 7 : kernel (CESA-2020:1016)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-E6BF55E821.NASL
    descriptionThe 5.0.16 stable updates contain a number of important fixes across the tree. Most importantly, these updates address the kernel portion of the MDS CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125185
    published2019-05-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125185
    titleFedora 29 : kernel / kernel-headers (2019-e6bf55e821) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4076-1.NASL
    descriptionIt was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20836) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device. (CVE-2019-9503) It was discovered that an integer overflow existed in the Freescale (PowerPC) hypervisor manager in the Linux kernel. A local attacker with write access to /dev/fsl-hv could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10142). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127097
    published2019-07-26
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127097
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2 vulnerabilities (USN-4076-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1824.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto- loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126009
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126009
    titleDebian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132499
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132499
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4670.NASL
    descriptionDescription of changes: [4.1.12-124.28.1.el7uek] - hugetlbfs: don
    last seen2020-06-01
    modified2020-06-02
    plugin id125755
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125755
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2068.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856) - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.(CVE-2019-10638) - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker
    last seen2020-05-08
    modified2019-09-24
    plugin id129261
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129261
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2068)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1535-1.NASL
    descriptionThe SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125996
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125996
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4675.NASL
    descriptionDescription of changes: [2.6.39-400.312.1.el6uek] - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786788] {CVE-2019-11884} - x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791037] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792027] - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792064] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [Orabug: 29792097] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Fix incorrect check against MSR_IA32_ARCH_CAPABILITIES (Patrick Colp) [Orabug: 29820653]
    last seen2020-06-01
    modified2020-06-02
    plugin id125804
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125804
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4675) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4672.NASL
    descriptionDescription of changes: kernel-uek kernel-uek [3.8.13-118.35.1.el6uek] - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786787] {CVE-2019-11884} - x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [Orabug: 29791038] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091} - x86/speculation/mds: Make cpu_vuln_whitelist __cpuinitconst (Patrick Colp) [Orabug: 29792023] - x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29792061] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
    last seen2020-06-01
    modified2020-06-02
    plugin id125792
    published2019-06-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125792
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4672) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen2020-06-01
    modified2020-06-02
    plugin id132490
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132490
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3309.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-08
    modified2019-11-06
    plugin id130526
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130526
    titleRHEL 8 : kernel-rt (RHSA-2019:3309)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4069-2.NASL
    descriptionUSN-4069-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127792
    published2019-08-12
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127792
    titleUbuntu 18.04 LTS : linux-hwe vulnerabilities (USN-4069-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1214.NASL
    descriptionA flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125605
    published2019-05-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125605
    titleAmazon Linux AMI : kernel (ALAS-2019-1214)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-640F8D8DD1.NASL
    descriptionThe 5.0.16 stable updates contain a number of important fixes across the tree. Most importantly, these updates address the kernel portion of the MDS CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125182
    published2019-05-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125182
    titleFedora 30 : kernel / kernel-headers (2019-640f8d8dd1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4069-1.NASL
    descriptionIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126950
    published2019-07-23
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126950
    titleUbuntu 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, (USN-4069-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1533-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel version 3.12.74 was updated to to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. A remote attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125994
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125994
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0024.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - hugetlbfs: don
    last seen2020-06-01
    modified2020-06-02
    plugin id125754
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125754
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1016.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) - kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135080
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135080
    titleRHEL 7 : kernel (RHSA-2020:1016)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1070.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1070 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135078
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135078
    titleRHEL 7 : kernel-rt (RHSA-2020:1070)

Redhat

advisories
  • rhsa
    idRHSA-2019:3309
  • rhsa
    idRHSA-2019:3517
  • rhsa
    idRHSA-2020:0740
rpms
  • kernel-rt-0:4.18.0-147.rt24.93.el8
  • kernel-rt-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-extra-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.rt24.93.el8
  • kernel-rt-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-extra-0:4.18.0-147.rt24.93.el8
  • bpftool-0:4.18.0-147.el8
  • bpftool-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.18.0-147.el8
  • kernel-abi-whitelists-0:4.18.0-147.el8
  • kernel-core-0:4.18.0-147.el8
  • kernel-cross-headers-0:4.18.0-147.el8
  • kernel-debug-0:4.18.0-147.el8
  • kernel-debug-core-0:4.18.0-147.el8
  • kernel-debug-debuginfo-0:4.18.0-147.el8
  • kernel-debug-devel-0:4.18.0-147.el8
  • kernel-debug-modules-0:4.18.0-147.el8
  • kernel-debug-modules-extra-0:4.18.0-147.el8
  • kernel-debuginfo-0:4.18.0-147.el8
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.el8
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.el8
  • kernel-debuginfo-common-s390x-0:4.18.0-147.el8
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.el8
  • kernel-devel-0:4.18.0-147.el8
  • kernel-doc-0:4.18.0-147.el8
  • kernel-headers-0:4.18.0-147.el8
  • kernel-modules-0:4.18.0-147.el8
  • kernel-modules-extra-0:4.18.0-147.el8
  • kernel-tools-0:4.18.0-147.el8
  • kernel-tools-debuginfo-0:4.18.0-147.el8
  • kernel-tools-libs-0:4.18.0-147.el8
  • kernel-tools-libs-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-0:4.18.0-147.el8
  • kernel-zfcpdump-core-0:4.18.0-147.el8
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.el8
  • kernel-zfcpdump-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.el8
  • perf-0:4.18.0-147.el8
  • perf-debuginfo-0:4.18.0-147.el8
  • python3-perf-0:4.18.0-147.el8
  • python3-perf-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.14.0-115.18.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.18.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.18.1.el7a
  • kernel-debug-0:4.14.0-115.18.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debug-devel-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.18.1.el7a
  • kernel-devel-0:4.14.0-115.18.1.el7a
  • kernel-doc-0:4.14.0-115.18.1.el7a
  • kernel-headers-0:4.14.0-115.18.1.el7a
  • kernel-kdump-0:4.14.0-115.18.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.18.1.el7a
  • kernel-tools-0:4.14.0-115.18.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.18.1.el7a
  • perf-0:4.14.0-115.18.1.el7a
  • perf-debuginfo-0:4.14.0-115.18.1.el7a
  • python-perf-0:4.14.0-115.18.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.18.1.el7a
  • bpftool-0:3.10.0-1127.el7
  • bpftool-debuginfo-0:3.10.0-1127.el7
  • kernel-0:3.10.0-1127.el7
  • kernel-abi-whitelists-0:3.10.0-1127.el7
  • kernel-bootwrapper-0:3.10.0-1127.el7
  • kernel-debug-0:3.10.0-1127.el7
  • kernel-debug-debuginfo-0:3.10.0-1127.el7
  • kernel-debug-devel-0:3.10.0-1127.el7
  • kernel-debuginfo-0:3.10.0-1127.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1127.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1127.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1127.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1127.el7
  • kernel-devel-0:3.10.0-1127.el7
  • kernel-doc-0:3.10.0-1127.el7
  • kernel-headers-0:3.10.0-1127.el7
  • kernel-kdump-0:3.10.0-1127.el7
  • kernel-kdump-debuginfo-0:3.10.0-1127.el7
  • kernel-kdump-devel-0:3.10.0-1127.el7
  • kernel-tools-0:3.10.0-1127.el7
  • kernel-tools-debuginfo-0:3.10.0-1127.el7
  • kernel-tools-libs-0:3.10.0-1127.el7
  • kernel-tools-libs-devel-0:3.10.0-1127.el7
  • perf-0:3.10.0-1127.el7
  • perf-debuginfo-0:3.10.0-1127.el7
  • python-perf-0:3.10.0-1127.el7
  • python-perf-debuginfo-0:3.10.0-1127.el7
  • kernel-rt-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-doc-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7

References